cbcvebase.
CVE-2023-46988
published 2025-04-01

CVE-2023-46988: Path Traversal vulnerability in ONLYOFFICE Document Server before v8.0.1 allows a remote attacker to copy arbitrary files by manipulating the fileExt parameter…

PriorityP335medium6.7CVSS 3.1
AVLACHPRNUINSUCHIHAN
EPSS
0.46%
36.7th percentile
Path Traversal vulnerability in ONLYOFFICE Document Server before v8.0.1 allows a remote attacker to copy arbitrary files by manipulating the fileExt parameter in the /example/editor endpoint, leading to unauthorized access to sensitive files and potential Denial of Service (DoS).

Affected

1 ranges
VendorProductVersion rangeFixed in
onlyofficedocument_server>= 7.4.0 < 8.0.18.0.1
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.