CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-46988

Path Traversal vulnerability in ONLYOFFICE Document Server before v8.0.1 allows a remote attacker to copy arbitrary files by manipulating the fileExt parameter in the /example/editor endpoint, leading to unauthorized access to sensitive files and potential Denial of Service (DoS).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 24.2%

CVSS Severity

CVSS v3 Score 6.7

References

https://medium.com/@mihat2/onlyoffice-document-server-path-traversal-fdd573fec291

Products affected by CVE-2023-46988

Onlyoffice » Document Server » Version: 7.4.0

cpe:2.3:a:onlyoffice:document_server:7.4.0
Onlyoffice » Document Server » Version: 7.4.1

cpe:2.3:a:onlyoffice:document_server:7.4.1
Onlyoffice » Document Server » Version: 7.5.0

cpe:2.3:a:onlyoffice:document_server:7.5.0
Onlyoffice » Document Server » Version: 7.5.1

cpe:2.3:a:onlyoffice:document_server:7.5.1
Onlyoffice » Document Server » Version: 8.0.0

cpe:2.3:a:onlyoffice:document_server:8.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-46988

Products

Pricing

Contact Us