CVE-2020-11537

CVE-2020-11537

EPSS 1.5%

A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can execute arbitrary SQL queries via injection to DocID parameter of Websocket API.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://gist.github.com/andrewaeva/beb92d3d2f1c5672dbda5050e323f6a0 https://github.com/ONLYOFFICE/DocumentServer/blob/master/CHANGELOG.md#551