Unrated severityNVD Advisory· Published Sep 5, 2012· Updated Apr 29, 2026

CVE-2012-4392

Description

index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value.

Affected products

OwnCloud/Owncloud Server
cpe:2.3:a:owncloud:owncloud_server:4.0.7:*:*:*:*:*:*:*

Patches

4fd069b47906

https://github.com/owncloud/corevia nvd-ref

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/owncloud/core/commit/4fd069b47906ebcf83887970c732d464dbe7d37anvdExploitPatch
www.openwall.com/lists/oss-security/2012/08/11/1nvd
www.openwall.com/lists/oss-security/2012/09/02/2nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000