Description
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files.
Remediation
References
Related Vulnerabilities
WordPress Plugin GD bbPress Attachments Multiple Vulnerabilities (2.2)
XWikiplatform Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-31985)
WordPress Plugin SendinBlue Subscribe Form And WP SMTP Multiple Unspecified Vulnerabilities (2.7.3)
Joomla! Core 3.x.x Cross-Site Scripting (3.1.2 - 3.8.7)
PrestaShop Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2018-7491)