CVE-2012-5336
owncloud < 4.0.8 - Authenticated Arbitrary File Read via WebDAV
Title source: llmDescription
lib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://owncloud.org/about/security/advisories/CVE-2012-5336/
Scores
EPSS
0.0030
EPSS Percentile
53.3%
Details
CWE
CWE-20
Status
published
Products (8)
owncloud/owncloud
< 4.0.7
owncloud/owncloud_server
4.0.0
owncloud/owncloud_server
4.0.1
owncloud/owncloud_server
4.0.2
owncloud/owncloud_server
4.0.3
owncloud/owncloud_server
4.0.4
owncloud/owncloud_server
4.0.5
owncloud/owncloud_server
4.0.6
Published
Jun 04, 2014
Tracked Since
Feb 18, 2026