LogicalDOC 8.0 Directory Traversal Vulnerability


LogicalDOC Community Edition 8.x before 8.2.1 has a path traversal vulnerability that allows reading arbitrary files and the creation of directories, in the class PluginRegistry.


The information has been provided by  Johannes Moritz
The original article can be found at: https://blog.ripstech.com/2019/logicaldoc-path-traversal/


Logicaldoc is prone to a directory traversal vulnerability.This allows remote attackers to read arbitrary files via vulnerable vectors. The remote attacker might also have the ability to create, modify or overwrite critical files.


Vulnerable Systems:

  • Logicaldoc 8.0
  • Logicaldoc 8.1
  • Logicaldoc 8.1.1

CVE Information:


Disclosure Timeline:
Publish Date:05/30/2019

Categories: News