CVE-2012-4393 in ownCloud
सारांश
द्वारा VulDB • 29/06/2026
ownCloud 4.0.6 से पहले के संस्करणों में कई cross-site request forgery (CSRF) दोष मौजूद हैं, जो दूरस्थ आक्रमणकारियों को मनमाने उपयोगकर्ताओं की प्रमाणीकरण को hijack करने और निम्नलिखित पथों का उपयोग करके अनुरोध भेजने में सक्षम बनाते हैं: bookmarks/ajax/ में (1) addBookmark.php, (2) delBookmark.php, या (3) editBookmark.php; calendar/ajax/ में (4) calendar/delete.php, (5) calendar/edit.php, (6) calendar/new.php, (7) calendar/update.php, (8) event/delete.php, (9) event/edit.php, (10) event/move.php, (11) event/new.php, (12) import/import.php, (13) settings/setfirstday.php, (14) settings/settimeformat.php, (15) share/changepermission.php, (16) share/share.php, या (17) share/unshare.php; apps/ में (18) external/ajax/setsites.php, (19) files/ajax/delete.php, (20) files/ajax/move.php, (21) files/ajax/newfile.php, (22) files/ajax/newfolder.php, (23) files/ajax/rename.php, (24) files_sharing/ajax/email.php, (25) files_sharing/ajax/setpermissions.php, (26) files_sharing/ajax/share.php, (27) files_sharing/ajax/toggleresharing.php, (28) files_sharing/ajax/togglesharewitheveryone.php, (29) files_sharing/ajax/unshare.php, (30) files_texteditor/ajax/savefile.php, (31) files_versions/ajax/rollbackVersion.php, (32) gallery/ajax/createAlbum.php, (33) gallery/ajax/sharing.php, (34) tasks/ajax/addtask.php, (35) tasks/ajax/addtaskform.php, (36) tasks/ajax/delete.php, या (37) tasks/ajax/edittask.php; अथवा settings/ajax/ में प्रबंधकों के लिए अनुरोधों का उपयोग करने वाले (38) changepassword.php, (39) creategroup.php, (40) createuser.php, (41) disableapp.php, (42) enableapp.php, (43) lostpassword.php, (44) removegroup.php, (45) removeuser.php, (46) setlanguage.php, (47) setloglevel.php, (48) setquota.php, या (49) togglegroups.php।
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.