CVE-2013-0303

ownCloud < 4.0.12 and 4.5.x < 4.5.6 - Authenticated Remote Code Execution

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-0303. PoCs published by CiscoCXSecurity.

AI-analyzed exploit summary This is a functional exploit for CVE-2013-0303, targeting ownCloud versions 4.5.6 and prior. It leverages authentication to upload a PHP reverse shell, enabling remote code execution.

Description

Unspecified vulnerability in core/ajax/translations.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this entry has been SPLIT due to different affected versions. The core/settings.php issue is covered by CVE-2013-7344.

Exploits (1)

nomisec WORKING POC
by CiscoCXSecurity · poc
https://github.com/CiscoCXSecurity/ownCloud_RCE_CVE-2013-0303

This is a functional exploit for CVE-2013-0303, targeting ownCloud versions 4.5.6 and prior. It leverages authentication to upload a PHP reverse shell, enabling remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: ownCloud <= 4.5.6
Auth required
Prerequisites: Valid ownCloud credentials · Network access to the target · PHP execution capabilities on the server
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

EPSS 0.0261
EPSS Percentile 83.5%

Details

Status published
Products (18)
owncloud/owncloud < 4.0.11
owncloud/owncloud_server 4.0.0
owncloud/owncloud_server 4.0.1
owncloud/owncloud_server 4.0.2
owncloud/owncloud_server 4.0.3
owncloud/owncloud_server 4.0.4
owncloud/owncloud_server 4.0.5
owncloud/owncloud_server 4.0.6
owncloud/owncloud_server 4.0.7
owncloud/owncloud_server 4.0.8
... and 8 more
Published Mar 24, 2014
Tracked Since Feb 18, 2026