What the vulnerability does

01Description

A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars.

Key dates

02Disclosure timeline

July 10, 2020 CVE published
August 4, 2024 Record updated