26th July 2019
Risk level: Low
CVSS v3 Base Score: 10 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N)
HackerOne report: 508487
Improper sanitation of user input allowed any unauthenticated user to perform SQL injection attacks.
The error has been fixed.
It is recommended that all instances are upgraded to at least version 0.3.0.
The Nextcloud team thanks the following people for their research and responsible disclosure of the above advisory: