CVE-2012-5609
owncloud < 4.5.2 - Authenticated Remote Code Execution via ZIP File Upload
Title source: llmDescription
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file.
References (6)
Core 6
Core References
Patch x_refsource_confirm
https://github.com/owncloud/core/commit/4619c66
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/51357
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/11/30/3
Various Sources x_refsource_confirm
http://owncloud.org/changelog/
Patch, Vendor Advisory x_refsource_confirm
http://owncloud.org/security/advisories/oc-sa-2012-004/
Scores
EPSS
0.0103
EPSS Percentile
77.6%
Details
Status
published
Products (16)
owncloud/owncloud
< 4.5.1
owncloud/owncloud_server
3.0.0
owncloud/owncloud_server
3.0.1
owncloud/owncloud_server
3.0.2
owncloud/owncloud_server
3.0.3
owncloud/owncloud_server
4.0.0
owncloud/owncloud_server
4.0.1
owncloud/owncloud_server
4.0.2
owncloud/owncloud_server
4.0.3
owncloud/owncloud_server
4.0.4
... and 6 more
Published
Dec 18, 2012
Tracked Since
Feb 18, 2026