CVE-2013-0204 — Code Injection in Server

CWE-94 — Code Injection3 documents3 sources

Severity

4.6MEDIUMNVD

EPSS

0.5%

top 34.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Owncloud Server

Timeline

PublishedJun 4

Latest updateMay 5

Description

settings/personal.php in ownCloud 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via crafted mount point settings.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDowncloud/owncloud_server6 versions+5

🔴Vulnerability Details

GHSA

GHSA-hf8h-pgg7-5c27: settings/personal↗2022-05-05

▶

CVEList

CVE-2013-0204: settings/personal↗2014-06-04

▶