CVE-2020-11537

CVE-2020-11537

EPSS 1.5%

A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can execute arbitrary SQL queries via injection to DocID parameter of Websocket API.

Productos afectados

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://gist.github.com/andrewaeva/beb92d3d2f1c5672dbda5050e323f6a0 https://github.com/ONLYOFFICE/DocumentServer/blob/master/CHANGELOG.md#551