Description

index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value.

Remediation

References

CVE-2012-4392

Related Vulnerabilities

WordPress Plugin Comment Rating SQL Injection and Security Bypass Weakness Vulnerabilities (2.9.32)

WordPress Plugin WP Forum Server Cross-Site Scripting and SQL Injection Vulnerabilities (1.7.3)

Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2021-33324)

MediaWiki Missing Authorization Vulnerability (CVE-2019-12470)

PHP Integer Overflow or Wraparound Vulnerability (CVE-2022-37454)

Severity

High

Classification

CVE-2012-4392 CWE-287

Tags

Missing Update Known Vulnerabilities