ID de Prueba:	1.3.6.1.4.1.25623.1.0.804280
Categoría:	Web application abuses
Título:	ownCloud Multiple Code Execution & Local File Disclosure Vulnerabilities (May 2014)
Resumen:	ownCloud is prone to multiple arbitrary code execution and local file disclosure vulnerabilities.
Descripción:	Summary: ownCloud is prone to multiple arbitrary code execution and local file disclosure vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - Improper verification of user-uploaded files by apps/contacts/import.php and apps/contacts/ajax/uploadimport.php scripts. - Insufficient sanitization of user-supplied input to lib/migrate.php script. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary PHP code by uploading a '.htaccess' file and gain access to arbitrary files. Affected Software/OS: ownCloud Server before version 4.0.13 and 4.5.x before version 4.5.8 Solution: Update to version 4.0.13 or 4.5.8 or later. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-1850 Common Vulnerability Exposure (CVE) ID: CVE-2013-1851
Copyright	Copyright (C) 2014 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.