An issue exists in ONLYOFFICE Document Server 5.5.0. An attacker can craft a malicious .docx file, and exploit the NSFileDownloader function to pass parameters to a binary (such as curl or wget) and remotely execute code on a victim's server.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
onlyoffice document server 5.5.0 |