ownCloud Multiple Cross-Site Request Forgery Vulnerabilities CVE-2012-4393 CNNVD-201209-014

6.8 AV AC AU C I A
Published: 2012-09-05
Revised: 2013-10-11

Multiple cross-site request forgery (CSRF) vulnerabilities exist in ownCloud versions before 4.0.6. Remote attackers can exploit them to hijack the authentication of arbitrary users for requests made through the following: (1) addBookmark.php, (2) delBookmark.php, or (3) editBookmark.php in bookmarks/ajax/; (4) calendar/delete.php, (5) calendar/edit.php, (6) calendar/new.php, (7) calendar/update.php, (8) event/delete.php, (9) event/edit.p, (10) event/move.php, (11) event/new.php, (12) import/import.php, (13) settings/setfirstday.php, (14) settings/settimeformat.php, (15) share/changepermission.php, (16) share/share.php, (17) share/unshare.php under calendar/ajax/; (18) external/ajax/setsites.php, (19) files/ajax/delete.php, (20) files/ajax/move.php, (21) files/ajax/newfile.php, (22) files/ajax/newfolder.php, (23) files/ajax/rename.php, (24) files_sharing/ajax/email.php, (25) files_sharing/ajax/setpermissions.php, (26) files_sharing/ajax/share.php, (27) files_sharing/ajax/toggleresharing.php, (28) files_sharing/a!... under apps/

0%
No exploit or PoC currently available
10 affected product entries currently listed