LogicalDOC 8.0 Directory Traversal Vulnerability
LogicalDOC Community Edition 8.x before 8.2.1 has a path traversal vulnerability that allows reading arbitrary files and the creation of directories, in the class PluginRegistry.
The information has been provided by Johannes Moritz
The original article can be found at: https://blog.ripstech.com/2019/logicaldoc-path-traversal/
Logicaldoc is prone to a directory traversal vulnerability.This allows remote attackers to read arbitrary files via vulnerable vectors. The remote attacker might also have the ability to create, modify or overwrite critical files.
- Logicaldoc 8.0
- Logicaldoc 8.1
- Logicaldoc 8.1.1