Description
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whether a user has only read-only access to a share. Thus a user with read-only access was able to restore old versions.
Remediation
References
Related Vulnerabilities
WordPress Plugin BackupBuddy Multiple Vulnerabilities (8.0.1.8)
WordPress Plugin WordPress Poll Multiple SQL Injection Vulnerabilities (33.5)
PHP Other Vulnerability (CVE-2009-4143)
WordPress Plugin WordPress Photo Gallery by Gallery Bank SQL Injection (3.0.229)
WordPress Plugin Livemesh Addons for Elementor Security Bypass (2.5.2)