Vulnerability Details CVE-2023-34939
Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution (RCE) vulnerability via the component UploadProgress.ashx.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.124
EPSS Ranking 93.6%
CVSS Severity
CVSS v3 Score 9.8
References
- https://github.com/ONLYOFFICE/CommunityServer/blob/master/CHANGELOG.md#version-1252
- https://github.com/firsov/onlyoffice
- https://github.com/firsov/onlyoffice/blob/main/CVE-2023-34939-PoC.md
- https://github.com/ONLYOFFICE/CommunityServer/blob/master/CHANGELOG.md#version-1252
- https://github.com/firsov/onlyoffice
- https://github.com/firsov/onlyoffice/blob/main/CVE-2023-34939-PoC.md
Products affected by CVE-2023-34939
-
cpe:2.3:a:onlyoffice:onlyoffice:10.0.1
-
cpe:2.3:a:onlyoffice:onlyoffice:10.5.1
-
cpe:2.3:a:onlyoffice:onlyoffice:11.0.0
-
cpe:2.3:a:onlyoffice:onlyoffice:11.5.1
-
cpe:2.3:a:onlyoffice:onlyoffice:11.5.2
-
cpe:2.3:a:onlyoffice:onlyoffice:11.5.3
-
cpe:2.3:a:onlyoffice:onlyoffice:11.6.0
-
cpe:2.3:a:onlyoffice:onlyoffice:12.0.0
-
cpe:2.3:a:onlyoffice:onlyoffice:12.0.1
-
cpe:2.3:a:onlyoffice:onlyoffice:12.1.0
-
cpe:2.3:a:onlyoffice:onlyoffice:12.5.0
-
cpe:2.3:a:onlyoffice:onlyoffice:12.5.1
-
cpe:2.3:a:onlyoffice:onlyoffice:8.5.1
-
cpe:2.3:a:onlyoffice:onlyoffice:8.9.0
-
cpe:2.3:a:onlyoffice:onlyoffice:8.9.2
-
cpe:2.3:a:onlyoffice:onlyoffice:9.0.0
-
cpe:2.3:a:onlyoffice:onlyoffice:9.1.0
-
cpe:2.3:a:onlyoffice:onlyoffice:9.1.1
-
cpe:2.3:a:onlyoffice:onlyoffice:9.5.4
-
cpe:2.3:a:onlyoffice:onlyoffice:9.6.0
-
cpe:2.3:a:onlyoffice:onlyoffice:9.6.1
-
cpe:2.3:a:onlyoffice:onlyoffice:9.6.2