CVE-2013-2048 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2013-2048

CWE

https://cwe.mitre.org/data/definitions/264.html

ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary API commands.

Affected Software

Name	Vendor	Start Version	End Version
Owncloud	Owncloud	*	5.0.5 (including)
Owncloud_server	Owncloud	5.0.0 (including)	5.0.0 (including)
Owncloud_server	Owncloud	5.0.1 (including)	5.0.1 (including)
Owncloud_server	Owncloud	5.0.2 (including)	5.0.2 (including)
Owncloud_server	Owncloud	5.0.3 (including)	5.0.3 (including)
Owncloud_server	Owncloud	5.0.4 (including)	5.0.4 (including)
Owncloud	Ubuntu	raring	*
Owncloud	Ubuntu	upstream	*

References

http://owncloud.org/about/security/advisories/oC-SA-2013-025/
http://owncloud.org/about/security/advisories/oC-SA-2013-025/