Code execution in external storage
Platform: ownCloud Server
Risk level: High
Due to not sufficiently sanitizing the user input in “settings/personal.php” in ownCloud 4.5.x before 4.5.6 an authenticated remote attackers may be able to execute arbitrary code by entering special crafted PHP code in the mount point settings.
- ownCloud Server < 4.5.6 (CVE-2013-0204)
It is recommended that all instances are upgraded to ownCloud Server 4.5.6.
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Yuji Kosuga – Vulnerability discovery and disclosure.