Description
ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary API commands.
Remediation
References
Related Vulnerabilities
Apache Tomcat Missing Release of Resource after Effective Lifetime Vulnerability (CVE-2021-42340)
Joomla! Core 3.x.x Cross-Site Request Forgery (3.0.0 - 3.9.26)
WordPress Plugin LiveChat-WP live chat Cross-Site Scripting (3.7.3)
WordPress Plugin Pods-Custom Content Types and Fields SQL Injection (2.5.1.1)