Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted mount.php file in a ZIP file. Per: http://cwe.mitre.org/data/definitions/184.html 'CWE-184: Incomplete Blacklist'
Publication date: Tue, 18 Dec 2012 07:55:00 +0000