Description
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only access was able to restore old versions.
Remediation
References
Related Vulnerabilities
WordPress Plugin Advanced Custom Fields (ACF) Cross-Site Scripting (5.8.11)
MySQL CVE-2021-2022 Vulnerability (CVE-2021-2022)
PHP Other Vulnerability (CVE-2015-8866)
WordPress Plugin Grapefile File Sharing 'grapeupload.php' Arbitrary File Upload (1.1)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-3742)