Public CVE-2020-11778 disclosure

A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can execute arbitrary SQL queries via injection to DocID parameter of Websocket API.