CVE-2012-5336 Information

Description

lib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable which allows remote authenticated users to read arbitrary files via vectors related to WebDAV.

Reference

http://owncloud.org/about/security/advisories/CVE-2012-5336/