PT-2025-11291 · Logicaldoc · Logicaldoc Community+1
Matthew Hogg · Published 2025-03-14 · Updated 2025-03-14 · CVE-2024-12019
CVSS v4.0: 7.1 (High)
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions:
The product name cannot be determined.
Description:
The API used to interact with documents in the application contains a flaw that allows an authenticated attacker to read the contents of files on the underlying operating system. An account with read and download privileges on at least one existing document in the application is required to exploit the issue. Exploitation of this issue would allow an attacker to read the contents of any file available within the privileges of the system user running the application.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this issue.
Fix
Relative Path Traversal
Weakness Enumeration
Related Identifiers
Affected Products
Logicaldoc Community
Logicaldoc Enterprise