Multiple incomplete blacklist vulnerabilities in (1) import.php and (2) ajax/uploadimport.php in apps/contacts/ in ownCloud before 4.0.13 and 4.5.x before 4.5.8 allow remote authenticated users to execute arbitrary PHP code by uploading a .htaccess file.
2014-03-14T16:55:04.910
2025-04-12T10:46:40.837
Deferred
CVSSv2: 6.5 (MEDIUM)
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | owncloud | owncloud_server | 4.5.0 | Yes |
| Application | owncloud | owncloud_server | 4.5.1 | Yes |
| Application | owncloud | owncloud_server | 4.5.2 | Yes |
| Application | owncloud | owncloud_server | 4.5.3 | Yes |
| Application | owncloud | owncloud_server | 4.5.4 | Yes |
| Application | owncloud | owncloud_server | 4.5.5 | Yes |
| Application | owncloud | owncloud_server | 4.5.6 | Yes |
| Application | owncloud | owncloud_server | 4.5.7 | Yes |
| Application | owncloud | owncloud | ≤ 4.0.12 | Yes |
| Application | owncloud | owncloud_server | 3.0.0 | Yes |
| Application | owncloud | owncloud_server | 3.0.1 | Yes |
| Application | owncloud | owncloud_server | 3.0.2 | Yes |
| Application | owncloud | owncloud_server | 3.0.3 | Yes |
| Application | owncloud | owncloud_server | 4.0.0 | Yes |
| Application | owncloud | owncloud_server | 4.0.1 | Yes |
| Application | owncloud | owncloud_server | 4.0.2 | Yes |
| Application | owncloud | owncloud_server | 4.0.3 | Yes |
| Application | owncloud | owncloud_server | 4.0.4 | Yes |
| Application | owncloud | owncloud_server | 4.0.5 | Yes |
| Application | owncloud | owncloud_server | 4.0.6 | Yes |
| Application | owncloud | owncloud_server | 4.0.7 | Yes |
| Application | owncloud | owncloud_server | 4.0.8 | Yes |
| Application | owncloud | owncloud_server | 4.0.9 | Yes |
| Application | owncloud | owncloud_server | 4.0.10 | Yes |
| Application | owncloud | owncloud_server | 4.0.11 | Yes |