CVE-2013-2046 — SQL Injection in Server

CWE-89 — SQL Injection7 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 46.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Owncloud Owncloud Server

Timeline

PublishedMar 9

Latest updateMay 17

Description

SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4.5.x before 4.5.11 and 5.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages2 packages

▶NVDowncloud/owncloud_server17 versions+16

▶Ubuntuowncloud/owncloud< 6.0.1+dfsg-1ubuntu1

🔴Vulnerability Details

GHSA

GHSA-r9cc-2qq5-x2f6: SQL injection vulnerability in lib/bookmarks↗2022-05-17

▶

OSV

CVE-2013-2046: SQL injection vulnerability in lib/bookmarks↗2014-03-09

▶

CVEList

CVE-2013-2046: SQL injection vulnerability in lib/bookmarks↗2014-03-07

▶

💬Community

Bugzilla

CVE-2013-2039 CVE-2013-2040 CVE-2013-2042 CVE-2013-2043 CVE-2013-2046 owncloud: multiple flaws corrected in version 4.5.11↗2013-05-14

▶

Bugzilla

CVE-2013-2039 CVE-2013-2040 CVE-2013-2042 CVE-2013-2043 CVE-2013-2046 owncloud: multiple flaws corrected in version 4.5.11 [fedora-18]↗2013-05-14

▶

Bugzilla

CVE-2013-2039 CVE-2013-2040 CVE-2013-2042 CVE-2013-2043 CVE-2013-2046 owncloud: multiple flaws corrected in version 4.5.11 [epel-6]↗2013-05-14

▶