Description

appconfig.php in ownCloud before 4.0.6 does not properly restrict access, which allows remote authenticated users to edit app configurations via unspecified vectors. NOTE: this can be leveraged by unauthenticated remote attackers using CVE-2012-4393.

Remediation

References

CVE-2012-4752

Related Vulnerabilities

PHP Out-of-bounds Read Vulnerability (CVE-2020-7064)

Oracle HTTP Server Improper Input Validation Vulnerability (CVE-2020-29508)

Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2020-25644)

ownCloud Incorrect Authorization Vulnerability (CVE-2021-35949)

OpenSSL Improper Authentication Vulnerability (CVE-2009-1390)

Severity

Medium

Classification

CVE-2012-4752 CWE-264

Tags

Missing Update Known Vulnerabilities