Description

ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by editing this file.

Remediation

References

CVE-2012-5665

Related Vulnerabilities

WordPress Plugin WordPress Mobile app Builder-Convert WordPress site to native mobile apps Arbitrary File Upload (1.05)

WordPress Plugin YOP Poll Cross-Site Scripting (6.3.2)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-5498)

WordPress Plugin WP Photo Album Plus Cross-Site Scripting (5.4.17)

Apache HTTP Server Other Vulnerability (CVE-1999-1053)

Severity

Medium

Classification

CVE-2012-5665 CWE-264

Tags

Missing Update Known Vulnerabilities