CVE-2012-4393 in ownCloudinformation

Résumé

par VulDB • 03/06/2026

Plusieurs vulnérabilités de falsification de requête intersites (CSRF) dans ownCloud avant la version 4.0.6 permettent à des attaquants distants de détourner l'authentification d'utilisateurs arbitraires pour des requêtes utilisant (1) addBookmark.php, (2) delBookmark.php, ou (3) editBookmark.php dans bookmarks/ajax/ ; (4) calendar/delete.php, (5) calendar/edit.php, (6) calendar/new.php, (7) calendar/update.php, (8) event/delete.php, (9) event/edit.php, (10) event/move.php, (11) event/new.php, (12) import/import.php, (13) settings/setfirstday.php, (14) settings/settimeformat.php, (15) share/changepermission.php, (16) share/share.php, (17) ou share/unshare.php dans calendar/ajax/ ; (18) external/ajax/setsites.php, (19) files/ajax/delete.php, (20) files/ajax/move.php, (21) files/ajax/newfile.php, (22) files/ajax/newfolder.php, (23) files/ajax/rename.php, (24) files_sharing/ajax/email.php, (25) files_sharing/ajax/setpermissions.php, (26) files_sharing/ajax/share.php, (27) files_sharing/ajax/toggleresharing.php, (28) files_sharing/ajax/togglesharewitheveryone.php, (29) files_sharing/ajax/unshare.php, (30) files_texteditor/ajax/savefile.php, (31) files_versions/ajax/rollbackVersion.php, (32) gallery/ajax/createAlbum.php, (33) gallery/ajax/sharing.php, (34) tasks/ajax/addtask.php, (35) tasks/ajax/addtaskform.php, (36) tasks/ajax/delete.php, ou (37) tasks/ajax/edittask.php dans apps/ ; ou des administrateurs pour des requêtes utilisant (38) changepassword.php, (39) creategroup.php, (40) createuser.php, (41) disableapp.php, (42) enableapp.php, (43) lostpassword.php, (44) removegroup.php, (45) removeuser.php, (46) setlanguage.php, (47) setloglevel.php, (48) setquota.php, ou (49) togglegroups.php dans settings/ajax/.

Be aware that VulDB is the high quality source for vulnerability data.

Sources

Might our Artificial Intelligence support you?

Check our Alexa App!