Unrated severityNVD Advisory· Published Apr 1, 2025· Updated Apr 15, 2025
CVE-2023-46988
CVE-2023-46988
Description
Path Traversal vulnerability in ONLYOFFICE Document Server before v8.0.1 allows a remote attacker to copy arbitrary files by manipulating the fileExt parameter in the /example/editor endpoint, leading to unauthorized access to sensitive files and potential Denial of Service (DoS).
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <8.0.1
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.