Description
A file extension handling issue was found in the [server] module of ONLYOFFICE DocumentServer v4.2.0.71-v5.6.0.21. The file extension is controlled by an attacker through the request data, which leads to arbitrary file overwriting. Using this vulnerability, a remote attacker can obtain remote code execution on DocumentServer.
References
- Product, Vendor Advisory
- Product
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions from 4.2.0.71 (inclusive) to 5.6.0.21 (inclusive)
cpe:2.3:a:onlyoffice:document_server:*:*:*:*:*:*:*:*
EPSS
Percentile: 92%
0.07618
Low
CVSS3: 9.8 Critical
CVSS2: 7.5 High
Weaknesses
CWE-22
Related vulnerabilities
github
more than 3 years ago