Description

ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by editing this file.

Remediation

References

CVE-2012-5665

Related Vulnerabilities

WordPress Plugin Advanced Custom Fields PRO Multiple Security Bypass Vulnerabilities (5.10)

Perl CVE-2016-6185 Vulnerability (CVE-2016-6185)

WordPress Plugin Homepage SlideShow Arbitrary File Upload (2.3)

MySQL CVE-2013-2378 Vulnerability (CVE-2013-2378)

Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2019-10097)

Severity

Medium

Classification

CVE-2012-5665 CWE-264

Tags

Missing Update Known Vulnerabilities