Multiple cross-site request forgery (CSRF) vulnerabilities exist in ownCloud versions before 4.0.6. Remote attackers can exploit them to hijack the authentication of arbitrary users for requests that use (1) addBookmark.php, (2) delBookmark.php, or (3) editBookmark.php in bookmarks/ajax/; (4) calendar/delete.php, (5) calendar/edit.php, (6) calendar/new.php, (7) calendar/update.php, (8) event/delete.php, (9) event/edit.p, (10) event/move.php, (11) event/new.php, (12) import/import.php, (13) settings/setfirstday.php, (14) settings/settimeformat.php, (15) share/changepermission.php, (16) share/share.php, or (17) share/unshare.php in calendar/ajax/; (18) external/ajax/setsites.php, (19) files/ajax/delete.php, (20) files/ajax/move.php, (21) files/ajax/newfile.php, (22) files/ajax/newfolder.php, (23) files/ajax/rename.php, (24) files_sharing/ajax/email.php, (25) files_sharing/ajax/setpermissions.php, (26) files_sharing/ajax/share.php, (27) files_sharing/ajax/toggleresharing.php, (28) files_sharing/ajax/togglesharewitheveryone.php, (29) files_sharing/ajax/unshare.php, (30) files_texteditor/ajax/savefile.php, (31) files_versions/ajax/rollbackVersion.php, (32) gallery/ajax/createAlbum.php, (33) gallery/ajax/sharing.php, (34) tasks/ajax/addtask.php, (35) tasks/ajax/addtaskform.php, (36) tasks/ajax/delete.php, or (37) tasks/ajax/edittask.php in apps/; or the authentication of administrators for requests that use (38) changepassword.php, (39) creategroup.php, (40) createuser.php, (41) disableapp.php, (42) enableapp.php, (43) lostpassword.php, (44) removegroup.php, (45) removeuser.php, (46) setlanguage.php, (47) setloglevel.php, (48) setquota.php, or (49) togglegroups.php in settings/ajax/.