CVE-2020-10365

Name of the Vulnerable Software and Affected Versions LogicalDoc versions prior to 8.3.3

Description The issue allows SQL Injection, where an authenticated attacker could perform arbitrary queries to the database by modifying certain parameters that are not properly sanitized. This is related to how LogicalDoc populates the list of available documents by querying the database, which can be filtered by modifying some parameters.

Recommendations For versions prior to 8.3.3, update to version 8.3.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the document list feature to minimize the risk of exploitation. Avoid using the filtering parameters in the affected feature until the issue is resolved.