VYPR
← All advisories
Unrated severityNVD Advisory· Published Sep 5, 2012· Updated Apr 29, 2026

CVE-2012-4752

CVE-2012-4752

Description

ownCloud before 4.0.6 has improper access restriction in appconfig.php, allowing authenticated users to edit app configurations, exploitable by unauthenticated attackers via CVE-2012-4393.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

ownCloud before 4.0.6 has improper access restriction in appconfig.php, allowing authenticated users to edit app configurations, exploitable by unauthenticated attackers via CVE-2012-4393.

## Vulnerability appconfig.php in ownCloud versions before 4.0.6 does not properly restrict access, allowing remote authenticated users to edit app configurations via unspecified vectors (CVE-2012-4752). This issue can be combined with CVE-2012-4393 for exploitation by unauthenticated attackers [1].

Exploitation

An attacker needs valid authenticated credentials to ownCloud. The exact vectors are unspecified, but the lack of access control permits direct editing of app configurations. Unauthenticated attackers can leverage CVE-2012-4393 (an unrelated vulnerability) to obtain authenticated access and then exploit this issue [1].

Impact

Successful exploitation allows an attacker to modify app configurations, potentially leading to data manipulation, privilege escalation, or further compromise of the ownCloud instance. The exact impact depends on the configuration data being modified.

Mitigation

Fixed in ownCloud 4.0.6 as per the official changelog [4]. The commit [3] shows the addition of an admin user check in appconfig.php, which resolves the access restriction. Users should upgrade to version 4.0.6 or later.

References
  1. oss-security - Re: CVE - ownCloud
  2. Check for admin user · owncloud/core@9605e19
  3. Changelog - ownCloud

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

11
  • OwnCloud/Owncloud2 versions
    cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*range: <=4.0.5
    • (no CPE)range: <4.0.6
  • OwnCloud/Server9 versions
    cpe:2.3:a:owncloud:owncloud_server:3.0.0:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:a:owncloud:owncloud_server:3.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:3.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:3.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:4.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:4.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:4.0.4:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.