CVE-2013-7344
published 2014-03-24CVE-2013-7344: Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code…
PriorityP432medium6.5CVSS 2.0
AVNACLAuSCPIPAP
EPSS
1.15%
62.9th percentile
Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue was SPLIT from CVE-2013-0303 due to different affected versions.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| owncloud | owncloud | <= 4.0.11 | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
| owncloud | owncloud_server | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
ownCloud up to 4.5.5 code injection (ID 801070)
vuldb·2026-05-08·CVSS 6.5
CVE-2013-7344 [MEDIUM] ownCloud up to 4.5.5 code injection (ID 801070)
A vulnerability described as critical has been identified in ownCloud. Impacted is an unknown function. Such manipulation leads to code injection.
This vulnerability is traded as CVE-2013-7344. The attack may be launched remotely. There is no exploit available.
Upgrading the affected component is recommended.
GHSA
GHSA-7pcc-qp95-233j: Unspecified vulnerability in core/settings
ghsa_unreviewed·2022-05-17·CVSS 6.5
CVE-2013-7344 [MEDIUM] GHSA-7pcc-qp95-233j: Unspecified vulnerability in core/settings
Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue was SPLIT from CVE-2013-0303 due to different affected versions.
GHSA
GHSA-42m9-36rv-vf4h: Unspecified vulnerability in core/ajax/translations
ghsa_unreviewed·2022-05-05·CVSS 6.5
CVE-2013-0303 [MEDIUM] GHSA-42m9-36rv-vf4h: Unspecified vulnerability in core/ajax/translations
Unspecified vulnerability in core/ajax/translations.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this entry has been SPLIT due to different affected versions. The core/settings.php issue is covered by CVE-2013-7344.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2014-03-24
Published