CVE-2013-1850

NameCVE-2013-1850
DescriptionMultiple incomplete blacklist vulnerabilities in (1) import.php and (2) ajax/uploadimport.php in apps/contacts/ in ownCloud before 4.0.13 and 4.5.x before 4.5.8 allow remote authenticated users to execute arbitrary PHP code by uploading a .htaccess file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs703094

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
owncloudsource(unstable)4.0.8debian-1.6703094

Notes

https://owncloud.org/about/security/advisories/oC-SA-2013-009/
https://www.openwall.com/lists/oss-security/2013/03/14/8
Search for package or bug name: Reporting problems