CVE-2013-0300Cross-Site Request Forgery in Server

CWE-352Cross-Site Request Forgery3 documents3 sources
Severity
6.8MEDIUMNVD
EPSS
0.1%
top 77.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Owncloud Server
Timeline
PublishedMar 14
Latest updateMay 5

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the default view via the v parameter to apps/calendar/ajax/changeview.php, mount arbitrary (2) Google Drive or (3) Dropbox folders via vectors related to addRootCertificate.php, dropbox.php and google.php in apps/files_external/ajax/, or (4) change the authentication server URL via unspecified vectors to apps/user_webd

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDowncloud/owncloud_server7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-5fpf-7j7v-rwwp: Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 42022-05-05
CVEList
CVE-2013-0300: Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 42014-03-14
CVE-2013-0300 — Cross-Site Request Forgery in Server | cvebase