Arbitrary PHP Code Execution via Incomplete Blacklist Vulnerabilities in ownCloud

CVE-2013-1850 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

Multiple incomplete blacklist vulnerabilities in (1) import.php and (2) ajax/uploadimport.php in apps/contacts/ in ownCloud before 4.0.13 and 4.5.x before 4.5.8 allow remote authenticated users to execute arbitrary PHP code by uploading a .htaccess file.

Learn more about our Cloud Audit.