Description

appconfig.php in ownCloud before 4.0.6 does not properly restrict access, which allows remote authenticated users to edit app configurations via unspecified vectors. NOTE: this can be leveraged by unauthenticated remote attackers using CVE-2012-4393.

Remediation

References

CVE-2012-4752

Related Vulnerabilities

Drupal Core Security Bypass (8.0.0 - 9.2.21)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-9691)

WordPress Server-Side Request Forgery (SSRF) Vulnerability (CVE-2016-4029)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-5106)

WordPress Plugin Rencontre-Dating Site Multiple Vulnerabilities (3.1.2)

Severity

Medium

Classification

CVE-2012-4752 CWE-264

Tags

Missing Update Known Vulnerabilities