@ahsantahir reported a Content Spoofing Vulnerability in the Nextcloud Server. The related security advisory can be found at https://nextcloud.com/security/advisory/?id=nc-sa-2017-006
On request of the reporter the issue has only been disclosed limitedly.