CVE-2013-0301: Cross-Site Request Forgery in Owncloud

Severity
6.8 MEDIUM (NVD)
EPSS
0.1%
top 69.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 14
Latest update: May 5

Description

Cross-site request forgery (CSRF) vulnerability in apps/calendar/ajax/settings/settimezone in ownCloud before 4.0.12 allows remote attackers to hijack the authentication of users for requests that change the timezone via the timezone parameter.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (2 packages)

NVD: owncloud/owncloud 4.0.11
NVD: owncloud/owncloud_server, 15 versions (+14)

🔴Vulnerability Details

2
GHSA
GHSA-p8v8-pfgh-p5cq: Cross-site request forgery (CSRF) vulnerability in apps/calendar/ajax/settings/settimezone in ownCloud before 4 (2022-05-05)
CVEList
CVE-2013-0301: Cross-site request forgery (CSRF) vulnerability in apps/calendar/ajax/settings/settimezone in ownCloud before 4 (2014-03-14)

💥Exploits & PoCs

1
Exploit-DB
Vivotek IP Cameras - Multiple Vulnerabilities (2013-05-01)
CVE-2013-0301 — Cross-Site Request Forgery in Owncloud | cvebase