VYPR
Unrated severity · NVD Advisory · Published Jan 3, 2013 · Updated Apr 29, 2026

CVE-2012-5665

Description

ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 fails to restrict access to settings.php, allowing remote attackers to modify app configurations.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

ownCloud versions 4.0.x before 4.0.10 and 4.5.x before 4.5.5 do not properly restrict access to settings.php [2]. This file is used to store configuration for the user_webdavauth and user_ldap apps. Without proper access controls, any remote user can read and modify these settings [4].

Exploitation

An unauthenticated remote attacker can directly access settings.php via HTTP requests. By editing the file, the attacker can alter the configuration parameters for the user_webdavauth and user_ldap apps. No special privileges or user interaction is required [2][4].

Impact

Successful exploitation allows the attacker to modify app configurations, potentially leading to authentication bypass or unauthorized access to the ownCloud instance. The attacker can change LDAP or WebDAV authentication settings, which may compromise the integrity and confidentiality of user data [2].

Mitigation

The issue is fixed in ownCloud 4.0.10 and 4.5.5, released in December 2012 [1][3]. Users should upgrade to these versions or later. No workaround is documented. The fix adds an admin check before allowing access to settings.php [4].

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

16
  • OwnCloud/Server: 15 versions
    • cpe:2.3:a:owncloud:owncloud_server:4.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:4.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:4.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:4.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:4.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:4.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:4.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:4.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:4.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:4.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:4.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:4.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:4.5.4:*:*:*:*:*:*:*
  • Alloy Rs/Corellm-fuzzy
    Range: >=4.0.0, <4.0.10 || >=4.5.0, <4.5.5

Patches

2

References

8
