CVE-2023-34939

Name of the Vulnerable Software and Affected Versions Onlyoffice Community Server versions prior to 12.5.2

Description The issue is related to a remote code execution vulnerability in the UploadProgress.ashx component. It is associated with errors in handling the relative path to a directory with limited access. Exploitation of this issue can allow a remote attacker to execute arbitrary code.

Recommendations For versions prior to 12.5.2, update to version 12.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the UploadProgress.ashx component until a patch is applied.