- ownCloud Server < 5.0.6
- stable5: 3bcd10a
Due to an insufficient permission check, an authenticated attacker is able to execute API commands as administrator. Additionally, an unauthenticated attacker could abuse this flaw as a cross-site request forgery vulnerability.
Update to ownCloud Server 5.0.6