Launchpad.net

CVE 2013-2089

Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the file in /data.

See the CVE page on Mitre.org for more details.

References