writeups.xyz / CVE-2021-43444 to 43449: Exploiting ONLYOFFICE Web Sockets for Unauthenticated Remote Code Execution

Submitter : c2a

Date: 14 December 2022

Bounty : undisclosed

Vulnerabilities :

Programs :

OnlyOffice

Authors :

Iain Wallace (@Strawp)

Link :
https://labs.nettitude.com/blog/exploiting-onlyoffice-web-sockets-for-unauthenticated-remote-code-execution/