Description
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files.
Remediation
References
Related Vulnerabilities
WordPress Plugin I Recommend This SQL Injection (3.7.2)
WordPress Plugin Divi Builder Cross-Site Scripting (2.17.2)
MySQL CVE-2022-21638 Vulnerability (CVE-2022-21638)
Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.1)
WordPress Plugin School Management System-WPSchoolPress Multiple Vulnerabilities (2.1.9)