In fact it is not a Zero-Day Exploit.
It was first discovered in April 2014 on old Microsoft SharePoint Server 2010/2013 by me while being global it-security administrator at SAAB-CSC, nowadays SAAB-DX Technology in Linköping, Sweden.
CSC stands for the US company Computer Science Corporation, nowadays DX Technology, included now in HP.
I discovered the exploit while working with SAAB internal SharePoint
portal on their intranet in April 2014.
I immediately informed the CSC CISO and my ierarchical chief.
Because I was specialized in chasing backdoors and 0-day exploits, my colleagues used to ask me every day in the morning, joking: what else did you crash/discovered today?
There were a lot more discovered in many security products.
But unfortunately, I just did my honest duty to report, and due to the high-security clearances, I was not allowed to make publicly any discovery.
Now after many years, I'm really amazed reading the devastating effect of my 2014 discovery of critical vulnerability in Microsoft SharePoint.
Also amazed by all claiming it is a new zero-day exploit, when in fact it is more than 10 years old, and never patched by Microsoft.
Or intentionally never patched...
Alike Crypto AG story...