VIR Vulnerability Intelligence Relay

CVE-2012-5609

medium
Published 2012-12-18 · Modified 2026-04-29
CVSS v3
CVSS v2
6.5
VIR risk
6.5

Description

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://github.com/owncloud/core/commit/e8a0cea

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://github.com/owncloud/core/commit/4619c66

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/51357

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://owncloud.org/security/advisories/oc-sa-2012-004/

Application impact
VendorProductVersionsFixed
owncloudowncloud{"endIncluding":"4.5.1"}
owncloudowncloud_server3.0.0
owncloudowncloud_server3.0.1
owncloudowncloud_server3.0.2
owncloudowncloud_server3.0.3
owncloudowncloud_server4.0.0
owncloudowncloud_server4.0.1
owncloudowncloud_server4.0.2
owncloudowncloud_server4.0.3
owncloudowncloud_server4.0.4
owncloudowncloud_server4.0.5
owncloudowncloud_server4.0.6
owncloudowncloud_server4.0.7
owncloudowncloud_server4.0.8
owncloudowncloud_server4.0.9
owncloudowncloud_server4.5.0

References

Verify integrity in audit chain (admin only). AS-IS.