mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-08 10:14:49 +02:00
CVE-2016-9462
Description
Nextcloud Server before 9.0.52 and ownCloud Server before 9.0.4 do not properly verify restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud did not check whether a user had only read-only access to a share. Thus a user with read-only access was able to restore old versions.
POC
Reference
- https://github.com/owncloud/core/commit/c93eca49c32428ece03dd67042772d5fa62c8d6e
- https://github.com/owncloud/core/commit/d31720b6f1e8c8dfeb5e8805ab35ad7c8000b2f1
- https://hackerone.com/reports/146067
Github
No PoCs found on GitHub currently.