Nextcloud: IDOR on ██████ via direct photo URL leads to unauthorized access to deleted and other users' photos
Summary: An Insecure Direct Object Reference IDOR vulnerability exists in the application that allows unauthorized access to photos belonging to other users. The application does not properly validate whether the logged-in user is authorized to access a photo when accessing it via direct URL. Thi...