A SQL Injection issue exists in ONLYOFFICE Document Server 5.5.0. An attacker can execute arbitrary SQL queries via injection to DocID parameter of Websocket API.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
onlyoffice document server 5.5.0 |