CVE-2023-46988

MEDIUM Year: 2023
CVSS v3 Score
6.7
Medium
Weakness Type
CWE-22
View all →

Vulnerability Description

Path Traversal vulnerability in ONLYOFFICE Document Server before v8.0.1 allows a remote attacker to copy arbitrary files by manipulating the fileExt parameter in the /example/editor endpoint, leading to unauthorized access to sensitive files and potential Denial of Service (DoS).

Related Vulnerabilities

CVE-2012-5380

MEDIUM
CVSS:6.7(Medium)

Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse D...

CWE-222012

CVE-2018-1204

MEDIUM
CVSS:6.7(Medium)

Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a path traversal vulnerability in the isi_phon...

CWE-222018

CVE-2019-12666

MEDIUM
CVSS:6.7(Medium)

A vulnerability in the Guest Shell of Cisco IOS XE Software could allow an authenticated, local attacker to perform directory traversal on the base Linux operating system of Cisco IOS XE Software. The...

CWE-222019

CVE-2019-1952

MEDIUM
CVSS:6.7(Medium)

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read arbitrary files. The attacker would need valid admi...

CWE-222019

CVE-2020-3236

MEDIUM
CVSS:6.7(Medium)

A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwri...

CWE-222020

CVE-2021-29246

MEDIUM
CVSS:6.7(Medium)

BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. The attacker must craft a malicious plugin file with special c...

CWE-222021