2020-02-04 19:08:57
hackerone
PUBLISHED
Not strictly enough sanitization in the Nextcloud Android app 3.6.0 allowed an attacker to get content information from protected tables when using custom queries.