Description
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files.
Remediation
References
Related Vulnerabilities
WordPress Plugin Chained Quiz Cross-Site Scripting (1.2.7)
Contao Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10642)
WordPress Plugin Popup Maker-Popup for opt-ins, lead gen, & more Cross-Site Scripting (1.16.4)
LimeSurvey Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-48008)