CVE-2013-2089 Information

Description

Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file then accessing it via a direct request to the file in /data.

Reference

http://owncloud.org/about/security/advisories/oC-SA-2013-026/