CVE 2013-0204

settings/personal.php in ownCloud 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via crafted mount point settings.

See the CVE page on Mitre.org for more details.