Vulnerability Details CVE-2020-11537
A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can execute arbitrary SQL queries via injection to DocID parameter of Websocket API.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 70.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2020-11537
-
cpe:2.3:a:onlyoffice:document_server:5.5.0