Description

ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary API commands.

Remediation

References

CVE-2013-2048

Related Vulnerabilities

WordPress Plugin Debug Log Manager Information Disclosure (2.2.2)

WordPress Plugin All In One Schema.org Rich Snippets Cross-Site Scripting (1.4.4)

OpenSSL Out-of-bounds Write Vulnerability (CVE-2016-2182)

WordPress Plugin WHOIS 'domain' Parameter Cross-Site Scripting (1.4.2.2)

WordPress Plugin Advanced Woo Search Unspecified Vulnerability (1.69)

Severity

Medium

Classification

CVE-2013-2048 CWE-264

Tags

Missing Update Known Vulnerabilities