Code execution in /lib/migrate.php
Platform: ownCloud Server
Versions: 4.0.10, 4.5.5,
Risk level: High
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows authenticated remote attackers to execute arbitrary code by uploading a crafted mount.php file in an imported ZIP file.
- ownCloud Server < 4.0.10 (CVE-2013-5665)
- ownCloud Server < 4.5.5 (CVE-2013-5665)
It is recommended that all instances are upgraded to ownCloud Server 4.5.5 or 4.0.10.
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Felix Richter – Vulnerability discovery and disclosure.