Vulnerability CVE-2022-45175
Published: 2023-04-14

Description:
An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object Reference can occur under the 5.6.5-3/doc/{ID-FILE]/c/{N]/{C]/websocket endpoint. A malicious unauthenticated user can access cached files in the OnlyOffice backend of other users by guessing the file ID of a target file.

 References:
https://www.gruppotim.it/it/footer/red-team.html
Copyright 2026, cxsecurity.com

 

Back to Top