{"id":"CVE-2023-34939","details":"Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution (RCE) vulnerability via the component UploadProgress.ashx.","modified":"2026-03-11T15:16:58.524463Z","published":"2023-06-22T12:15:12.013Z","references":[{"type":"WEB"},{"type":"ADVISORY","url":"https://github.com/ONLYOFFICE/CommunityServer/blob/master/CHANGELOG.md#version-1252"},{"type":"EVIDENCE","url":"https://github.com/firsov/onlyoffice"},{"type":"EVIDENCE","url":"https://github.com/firsov/onlyoffice/blob/main/CVE-2023-34939-PoC.md"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/onlyoffice/communityserver","events":[{"introduced":"0"},{"fixed":"ad790e8a87b3c634afc04c4fff83f1656fb1e920"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"12.5.2"}]}}],"versions":["11.5.2-2","ONLYOFFICE-7.7","ONLYOFFICE-CommunityServer-8.5.1","v10.0.1","v10.5.1","v11.0.0","v11.5.2","v11.6.0","v12.0.0","v12.0.1","v12.1.0","v8.9.0","v8.9.2","v9.0.0","v9.1.0","v9.1.1","v9.5.4","v9.6.0","v9.6.1","v9.6.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-34939.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}