CVE-2012-4389

Published: Sep 5, 2012Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP file.

Affected (11)

Products: Owncloud: Owncloud, Owncloud Server

Owncloud

2 products

Owncloud

Owncloud Server

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Owncloud Owncloud	Up to 4.0.6
Owncloud Owncloud Server	Version 3.0.0
Owncloud Owncloud Server	Version 3.0.1
Owncloud Owncloud Server	Version 3.0.2
Owncloud Owncloud Server	Version 3.0.3
Owncloud Owncloud Server	Version 4.0.0
Owncloud Owncloud Server	Version 4.0.1
Owncloud Owncloud Server	Version 4.0.2
Owncloud Owncloud Server	Version 4.0.3
Owncloud Owncloud Server	Version 4.0.4
Owncloud Owncloud Server	Version 4.0.5

References (4)

http://www.openwall.com/lists/oss-security/2012/09/02/2

Source: secalert@redhat.com

https://github.com/owncloud/core/commit/4fd069b47906ebcf83887970c732d464dbe7d37a

Source: secalert@redhat.com

ExploitPatch

http://www.openwall.com/lists/oss-security/2012/09/02/2

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/owncloud/core/commit/4fd069b47906ebcf83887970c732d464dbe7d37a

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

Timeline

No history available yet.