VYPR
← All advisories
Unrated severityNVD Advisory· Published Mar 9, 2014· Updated May 6, 2026

CVE-2013-2046

CVE-2013-2046

Description

SQL injection in ownCloud's lib/bookmarks.php allows authenticated users to execute arbitrary SQL commands, affecting versions before 4.5.11 and 5.0.6.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

SQL injection in ownCloud's lib/bookmarks.php allows authenticated users to execute arbitrary SQL commands, affecting versions before 4.5.11 and 5.0.6.

Vulnerability

SQL injection vulnerability in lib/bookmarks.php in ownCloud Server versions 4.5.x before 4.5.11 and 5.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands. The issue is due to insufficient sanitization of user input in the bookmarks application. [1]

Exploitation

An authenticated attacker can exploit this vulnerability by sending crafted input to the bookmarks functionality. The attacker does not need any special privileges beyond being a regular user. The exact vectors are unspecified but likely involve parameters passed to SQL queries in the bookmarks module. [1]

Impact

Successful exploitation allows an authenticated attacker to execute arbitrary SQL commands against the backend database. This can lead to unauthorized data access, modification, or deletion, and potentially to further system compromise depending on the database configuration. [1]

Mitigation

The vulnerability is fixed in ownCloud Server 4.5.11 and 5.0.6. Users should upgrade immediately. No workarounds are documented. If unable to upgrade, consider restricting access to the bookmarks functionality. [1]

References
  1. oss-sec: ownCloud Security Advisories oC-SA-0{19-27}

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

17
  • OwnCloud/Server17 versions
    cpe:2.3:a:owncloud:owncloud_server:4.5.0:*:*:*:*:*:*:*+ 16 more
    • cpe:2.3:a:owncloud:owncloud_server:4.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:4.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:4.5.10:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:4.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:4.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:4.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:4.5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:4.5.6:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:4.5.7:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:4.5.8:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:4.5.9:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.5:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.