CVE-2020-11537

Publication date

2020-04-15 14:56:05

Family

mitre

State

PUBLISHED

Description

A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can execute arbitrary SQL queries via injection to DocID parameter of Websocket API.