CVE-2013-2046
Published 2014-03-09
Priority P336 · medium · 6.5 · CVSS 2.0
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS: 1.61% (72.9th percentile)
SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4.5.x before 4.5.11 and 5.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| owncloud | owncloud | >= 0 < 6.0.1+dfsg-1ubuntu1 | 6.0.1+dfsg-1ubuntu1 |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
CVSS provenance
nvd · v2.0 · 6.5 · MEDIUM · AV:N/AC:L/Au:S/C:P/I:P/A:P
osv · 6.5 · MEDIUM
GHSA
GHSA-r9cc-2qq5-x2f6: SQL injection vulnerability in lib/bookmarks
ghsa_unreviewed·2022-05-17
CVE-2013-2046 [MEDIUM] CWE-89 GHSA-r9cc-2qq5-x2f6: SQL injection vulnerability in lib/bookmarks
OSV
CVE-2013-2046: SQL injection vulnerability in lib/bookmarks
osv·2014-03-09·CVSS 6.5
CVE-2013-2046 [MEDIUM] CVE-2013-2046: SQL injection vulnerability in lib/bookmarks
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-2039 CVE-2013-2040 CVE-2013-2042 CVE-2013-2043 CVE-2013-2046 owncloud: multiple flaws corrected in version 4.5.11
bugzilla·2013-05-14·CVSS 4.0
CVE-2013-2039 [MEDIUM] CVE-2013-2039 CVE-2013-2040 CVE-2013-2042 CVE-2013-2043 CVE-2013-2046 owncloud: multiple flaws corrected in version 4.5.11
ownCloud 4.5.11 was released to correct a number of security flaws. The ones relevant to 4.5.x (which is the version we ship) are noted below. The full announcement was sent to the oss-security mailing list [1].
CVE-2013-2046: Multiple SQL Injections (oC-SA-2013-019)
- stable45: [582c3ed](https://github.com/owncloud/bookmarks/commit/582c3ed)
CVE-2013-2039: Multiple directory traversals (oC-SA-2013-020)
- stable45: [6be497c](https://github.com/owncloud/core/commit/6be497c)
CVE-2013-2040: Multiple XSS vulnerabilities (oC-SA-2013-021)
- stable45: [f9aeaa6](https://github.com/owncloud/apps/commit/f9aeaa6)
CVE-2013-2042: Multiple XSS vulnerabilities (oC-SA-2013-021)
-
Bugzilla
CVE-2013-2039 CVE-2013-2040 CVE-2013-2042 CVE-2013-2043 CVE-2013-2046 owncloud: multiple flaws corrected in version 4.5.11 [fedora-18]
bugzilla·2013-05-14·CVSS 4.0
CVE-2013-2039 [MEDIUM] CVE-2013-2039 CVE-2013-2040 CVE-2013-2042 CVE-2013-2043 CVE-2013-2046 owncloud: multiple flaws corrected in version 4.5.11 [fedora-18]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi
Bugzilla
CVE-2013-2039 CVE-2013-2040 CVE-2013-2042 CVE-2013-2043 CVE-2013-2046 owncloud: multiple flaws corrected in version 4.5.11 [epel-6]
bugzilla·2013-05-14·CVSS 4.0
CVE-2013-2039 [MEDIUM] CVE-2013-2039 CVE-2013-2040 CVE-2013-2042 CVE-2013-2043 CVE-2013-2046 owncloud: multiple flaws corrected in version 4.5.11 [epel-6]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bod
- http://osvdb.org/93383
- http://owncloud.org/about/security/advisories/oC-SA-2013-019
- http://seclists.org/oss-sec/2013/q2/324
- http://www.securityfocus.com/bid/59969