LogicalDOC 8.0 Directory Traversal Vulnerability

Summary

LogicalDOC Community Edition 8.x before 8.2.1 has a path traversal vulnerability in the class PluginRegistry that allows reading arbitrary files and creating directories.

Credit:

The information has been provided by Johannes Moritz.
The original article can be found at: https://blog.ripstech.com/2019/logicaldoc-path-traversal/


Details

LogicalDOC is prone to a directory traversal vulnerability. This allows remote attackers to read arbitrary files via vulnerable vectors. The remote attacker might also have the ability to create, modify or overwrite critical files.

Vulnerable Systems:

  • Logicaldoc 8.0
  • Logicaldoc 8.1
  • Logicaldoc 8.1.1

CVE Information:

CVE-2019-9723

Disclosure Timeline:
Publish Date: 05/30/2019
