PT-2025-11291 · Logicaldoc · Logicaldoc Community+1
Matthew Hogg · Published 2025-03-14 · Updated 2025-03-14 · CVE-2024-12019
CVSS v4.0: 7.1 (High)
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions:
The product name cannot be determined.
Description:
The API used to interact with documents in the application contains a flaw that allows an authenticated attacker to read the contents of files on the underlying operating system. An account with read and download privileges on at least one existing document in the application is required to exploit the issue. Exploitation of this issue would allow an attacker to read the contents of any file available within the privileges of the system user running the application.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this issue.
Fix
Relative Path Traversal
Weakness Enumeration
Related identifiers
Affected products
Logicaldoc Community
Logicaldoc Enterprise