CVE-2013-1851

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.13 and 4.5.x before 4.5.8, when the user_migrate application is enabled, allows remote authenticated users to import arbitrary files to the user’s account via unspecified vectors.

Date published : 2014-03-14

http://owncloud.org/about/security/advisories/oC-SA-2013-010/