CVE-2018-5755

MEDIUM

Open-Xchange OX App Suite <7.6.3-rev3-7.8.4-rev4 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-5755. PoCs published by Open-Xchange.

AI-analyzed exploit summary This is a detailed vulnerability writeup for multiple CVEs affecting OX App Suite, including CVE-2018-5756, which involves improper privilege management allowing users to delete tasks or modify appointments of other users within the same context.

Description

Absolute path traversal vulnerability in the readerengine component in Open-Xchange OX App Suite before 7.6.3-rev3, 7.8.x before 7.8.2-rev4, 7.8.3 before 7.8.3-rev5, and 7.8.4 before 7.8.4-rev4 allows remote attackers to read arbitrary files via a full pathname in a formula in a spreadsheet.

Exploits (1)

exploitdb WRITEUP

by Open-Xchange · textwebappsxml

https://www.exploit-db.com/exploits/44881

View Code ZIP pw:eip

This is a detailed vulnerability writeup for multiple CVEs affecting OX App Suite, including CVE-2018-5756, which involves improper privilege management allowing users to delete tasks or modify appointments of other users within the same context.

Classification

Writeup 100%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: OX App Suite 7.8.4 and earlier

Auth required

Prerequisites: Valid user credentials · Access to the API endpoints

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/44881/

Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2018/Jun/23

Scores

CVSS v3 5.5

EPSS 0.0800

EPSS Percentile 94.0%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (5)

open-xchange/open-xchange_appsuite 7.8.0

open-xchange/open-xchange_appsuite 7.8.2

open-xchange/open-xchange_appsuite 7.8.3

open-xchange/open-xchange_appsuite 7.8.4 (2 CPE variants)

open-xchange/open-xchange_appsuite < 7.6.3

Published Jun 16, 2018

Tracked Since Feb 18, 2026