Summary:
SQL injection via limit parameter on user facing APIs
Steps To Reproduce:
Run security scanner:
- REPORT /remote.php/dav/comments/files/1985
- XML input oc:filter-comments.oc:limit#text was set to 1'"
- You have an error in your SQL syntax
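The steps above describe a limit value taken from the REPORT body and placed into SQL without being validated, so a non-numeric probe reaches the database and surfaces as a syntax error. The following is an added illustration in Python (not code from the report or from Nextcloud) of that pattern beside a hardened version that rejects anything but a bounded integer and binds the value as a query parameter. The in-memory SQLite schema, the sample rows, the `MAX_LIMIT` cap and the `oc` namespace URI are assumptions made for the example.

```python
import re
import sqlite3
import xml.etree.ElementTree as ET

# Assumed namespace for the oc: prefix used in the filter-comments body.
OC_NS = "http://owncloud.org/ns"

# Constructed REPORT body carrying the same probe value the report used.
SAMPLE_REPORT = (
    f'<oc:filter-comments xmlns:oc="{OC_NS}">'
    "<oc:limit>1'\"</oc:limit><oc:offset>0</oc:offset>"
    "</oc:filter-comments>"
)

MAX_LIMIT = 100  # assumed server-side ceiling for a page of comments


def _make_db():
    """Constructed comments table with five rows for object 1985."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE comments (id INTEGER PRIMARY KEY, object_id TEXT, message TEXT)"
    )
    conn.executemany(
        "INSERT INTO comments (object_id, message) VALUES (?, ?)",
        [("1985", f"comment {i}") for i in range(5)],
    )
    return conn


def parse_limit(report_xml):
    """Return the text of oc:filter-comments/oc:limit, or None if absent."""
    root = ET.fromstring(report_xml)
    node = root.find(f"{{{OC_NS}}}limit")
    return None if node is None else (node.text or "")


def fetch_comments_vulnerable(conn, object_id, limit_text):
    # Defective pattern: client-controlled text is interpolated into the SQL.
    sql = f"SELECT id, message FROM comments WHERE object_id = ? LIMIT {limit_text}"
    return conn.execute(sql, (object_id,)).fetchall()


def parse_limit_safely(limit_text):
    """Accept only a plain non-negative decimal integer, capped at MAX_LIMIT."""
    if limit_text is None:
        return MAX_LIMIT
    if not re.fullmatch(r"[0-9]{1,6}", limit_text.strip()):
        raise ValueError("limit must be a non-negative integer")
    return min(int(limit_text), MAX_LIMIT)


def fetch_comments_hardened(conn, object_id, limit_text):
    # Validate first, then bind the integer as a parameter instead of pasting it.
    limit = parse_limit_safely(limit_text)
    sql = "SELECT id, message FROM comments WHERE object_id = ? LIMIT ?"
    return conn.execute(sql, (object_id, limit)).fetchall()


def classify(handler, limit_text):
    """Run a handler against a fresh constructed DB and summarise the outcome."""
    conn = _make_db()
    try:
        rows = handler(conn, "1985", limit_text)
        return f"ok:{len(rows)}"
    except sqlite3.OperationalError:
        return "sql-syntax-error"      # the condition the scanner observed
    except ValueError:
        return "rejected-before-sql"   # input never reached the database
    finally:
        conn.close()


if __name__ == "__main__":
    probe = parse_limit(SAMPLE_REPORT)
    print("limit from body:", probe)
    print("vulnerable handler:", classify(fetch_comments_vulnerable, probe))
    print("hardened handler:", classify(fetch_comments_hardened, probe))
```

The distinguishing signal for a defender is where the bad value stops: the vulnerable handler lets it reach the SQL engine (and the resulting error text is what the scanner reported), while the hardened handler refuses it at the input boundary, and a legitimate value is bound as an integer parameter rather than spliced into the statement.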
Supporting Material/References:
For more details see:
https://github.com/nextcloud-gmbh/h1/issues/197
Impact:
Full-fledged SQL injection via user-provided input