CVE-2020-11537

CVE-2020-11537

EPSS 1.5%

A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can execute arbitrary SQL queries via injection to DocID parameter of Websocket API.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://gist.github.com/andrewaeva/beb92d3d2f1c5672dbda5050e323f6a0 https://github.com/ONLYOFFICE/DocumentServer/blob/master/CHANGELOG.md#551