Document Server@5.5.0 Security Vulnerabilities and Issues — Document Server@5.5.0 CVE List

Lucene search

OnlyofficeDocument Server5.5.0

4 matches found

CVE•added 2020/04/15 3:15 p.m.•43 views

CVE-2020-11536

An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit the unzip function to rewrite a binary and remotely execute code on a victim's server.

9.8CVSS9.4AI score0.00545EPSS

CVE•added 2020/04/15 3:15 p.m.•42 views

CVE-2020-11534

An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit the NSFileDownloader function to pass parameters to a binary (such as curl or wget) and remotely execute code on a victim's server.

9.8CVSS9.4AI score0.00646EPSS

CVE•added 2020/04/15 3:15 p.m.•40 views

CVE-2020-11537

A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can execute arbitrary SQL queries via injection to DocID parameter of Websocket API.

9.8CVSS9.9AI score0.00309EPSS

CVE•added 2020/04/15 3:15 p.m.•38 views

CVE-2020-11535

An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit XML injection to enter an attacker-controlled parameter into the x2t binary, to rewrite this binary and/or libxcb.so.1, and execute code on a victim's server.

9.8CVSS9.6AI score0.00646EPSS