CVE-2012-5665 — Server vulnerability

CWE-2643 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 37.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Owncloud Server

Timeline

PublishedJan 3

Latest updateMay 17

Description

ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by editing this file.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDowncloud/owncloud_server15 versions+14

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-pjrj-v874-q2mx: ownCloud 4↗2022-05-17

▶

CVEList

CVE-2012-5665: ownCloud 4↗2013-01-03

▶