Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2012-2270Improper Input Validation in Owncloud

CWE-20Improper Input Validation5 documents5 sources
Severity
5.8MEDIUMNVD
EPSS
15.8%
top 5.25%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
OwncloudOwncloud Server
Timeline
PublishedApr 20
Latest updateMay 14

Description

Open redirect vulnerability in index.php (aka the Login Page) in ownCloud before 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages2 packages

NVDowncloud/owncloud_server3.0.0, 3.0.1+1

🔴Vulnerability Details

2
GHSA
GHSA-4wvc-ffmh-rrcr: Open redirect vulnerability in index2022-05-14
CVEList
CVE-2012-2270: Open redirect vulnerability in index2012-04-20

💥Exploits & PoCs

1
Exploit-DB
ownCloud 3.0.0 - 'index.php?redirect_url' Arbitrary Site Redirect2012-04-18
CVE-2012-2270 — Improper Input Validation in Owncloud | cvebase