CVE-2020-9423

Name of the Vulnerable Software and Affected Versions LogicalDoc versions prior to 8.3.3

Description The issue allows an attacker to upload arbitrary files, potentially leading to command execution or retrieval of data from the database. This is due to the abuse of the document addition functionality, which can be exploited by an unauthenticated attacker to upload malicious files to restricted folders, resulting in the execution of commands with root privileges.

Recommendations For versions prior to 8.3.3, update to version 8.3.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the document upload functionality to prevent unauthenticated attackers from uploading arbitrary files.