CVE-2014-9041 – Mandriva Linux Security Advisory 2015-190

https://notcve.org/view.php?id=CVE-2014-9041

04 Feb 2015 — The import functionality in the bookmarks application in ownCloud server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 does not validate CSRF tokens, which allow remote attackers to conduct CSRF attacks. La funcionalidad de importación en la aplicación bookmarks application en el servidor ownCloud anterior a 5.0.18, 6.x anterior a 6.0.6, y 7.x anterior a 7.0.3 no valida los tokens CSRF, lo que permiten a atacantes remotos realizar ataques de CSRF. Multiple vulnerabilities have been discovered and co... • https://owncloud.org/security/advisory/?id=oc-sa-2014-027 • CWE-352: Cross-Site Request Forgery (CSRF) •