Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 4.5.x prior to 4.5.7 allow remote malicious users to hijack the authentication of users for requests that (1) change the default view via the v parameter to apps/calendar/ajax/changeview.php, mount arbitrary (2) Google Drive or (3) Dropbox folders via vectors related to addRootCertificate.php, dropbox.php and google.php in apps/files_external/ajax/, or (4) change the authentication server URL via unspecified vectors to apps/user_webdavauth/settings.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
owncloud owncloud 4.5.0 |
||
owncloud owncloud 4.5.2 |
||
owncloud owncloud 4.5.3 |
||
owncloud owncloud 4.5.4 |
||
owncloud owncloud 4.5.5 |
||
owncloud owncloud 4.5.1 |
||
owncloud owncloud 4.5.6 |