CVE-2012-5610 — Improper Input Validation in Owncloud

CWE-20 — Improper Input Validation3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

1.1%

top 22.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Owncloud Owncloud Server

Timeline

PublishedDec 18

Latest updateMay 17

Description

Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud before 4.0.9 and 4.5.x before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a special crafted name.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages2 packages

▶NVDowncloud/owncloud4.0.8

▶NVDowncloud/owncloud_server12 versions+11

Patches

Patch: owncloud.org ↗Patch: owncloud.org ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-3jv4-rvv2-fg7m: Incomplete blacklist vulnerability in lib/filesystem↗2022-05-17

▶

CVEList

CVE-2012-5610: Incomplete blacklist vulnerability in lib/filesystem↗2012-12-18

▶