CVE-2012-5609

Опубликовано: 18 дек. 2012

Источник: nvd

CVSS2: 6.5

EPSS Низкий

Описание

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file.

Комментарий

Per: http://cwe.mitre.org/data/definitions/184.html 'CWE-184: Incomplete Blacklist'

Ссылки

http://owncloud.org/changelog/
http://owncloud.org/security/advisories/oc-sa-2012-004/
Patch
Vendor Advisory
http://secunia.com/advisories/51357
Vendor Advisory
http://www.openwall.com/lists/oss-security/2012/11/30/3
https://github.com/owncloud/core/commit/4619c66
Patch
https://github.com/owncloud/core/commit/e8a0cea
Patch
http://owncloud.org/changelog/
http://owncloud.org/security/advisories/oc-sa-2012-004/
Patch
Vendor Advisory
http://secunia.com/advisories/51357
Vendor Advisory
http://www.openwall.com/lists/oss-security/2012/11/30/3
https://github.com/owncloud/core/commit/4619c66
Patch
https://github.com/owncloud/core/commit/e8a0cea
Patch

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*

Версия до 4.5.1 (включая)

cpe:2.3:a:owncloud:owncloud_server:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:owncloud:owncloud_server:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:owncloud:owncloud_server:3.0.2:*:*:*:*:*:*:*

cpe:2.3:a:owncloud:owncloud_server:3.0.3:*:*:*:*:*:*:*

cpe:2.3:a:owncloud:owncloud_server:4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:owncloud:owncloud_server:4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:owncloud:owncloud_server:4.0.2:*:*:*:*:*:*:*

cpe:2.3:a:owncloud:owncloud_server:4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:owncloud:owncloud_server:4.0.4:*:*:*:*:*:*:*

cpe:2.3:a:owncloud:owncloud_server:4.0.5:*:*:*:*:*:*:*

cpe:2.3:a:owncloud:owncloud_server:4.0.6:*:*:*:*:*:*:*

cpe:2.3:a:owncloud:owncloud_server:4.0.7:*:*:*:*:*:*:*

cpe:2.3:a:owncloud:owncloud_server:4.0.8:*:*:*:*:*:*:*

cpe:2.3:a:owncloud:owncloud_server:4.0.9:*:*:*:*:*:*:*

cpe:2.3:a:owncloud:owncloud_server:4.5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.01029

Низкий

6.5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2012-5609

ubuntu

около 13 лет назад

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file.

CVE-2012-5609

debian

около 13 лет назад

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud befo ...

GHSA-5m87-5j4w-qvwf

github

больше 3 лет назад

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file.

EPSS

Процентиль: 77%

0.01029

Низкий

6.5 Medium

CVSS2

Дефекты

NVD-CWE-Other