ownCloud Improper Access Control Vulnerability - CVE-2016-9461
Nextcloud Server before 9.0.52 amp ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated attacker with access to a read-only share to put new files in there. It was not possible to modify existing files.