CVE-2013-2048 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2013-2048

CWE

https://cwe.mitre.org/data/definitions/264.html

ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary API commands.

Affected Software

Name	Vendor	Start Version	End Version
Owncloud	Owncloud	*	5.0.5 (including)
Owncloud	Owncloud	5.0.0 (including)	5.0.0 (including)
Owncloud	Owncloud	5.0.1 (including)	5.0.1 (including)
Owncloud	Owncloud	5.0.2 (including)	5.0.2 (including)
Owncloud	Owncloud	5.0.3 (including)	5.0.3 (including)
Owncloud	Owncloud	5.0.4 (including)	5.0.4 (including)
Owncloud	Ubuntu	raring	*
Owncloud	Ubuntu	upstream	*

References

http://owncloud.org/about/security/advisories/oC-SA-2013-025/
http://owncloud.org/about/security/advisories/oC-SA-2013-025/