Description
Cross-site request forgery (CSRF) vulnerability in apps/calendar/ajax/settings/settimezone in ownCloud before 4.0.12 allows remote attackers to hijack the authentication of users for requests that change the timezone via the timezone parameter.
Remediation
References
Related Vulnerabilities
phpMyAdmin CVE-2013-3238 Vulnerability (CVE-2013-3238)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0123)
MySQL CVE-2012-3166 Vulnerability (CVE-2012-3166)
Internet Information Services Other Vulnerability (CVE-1999-1035)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-9788)