PT-2025-53343 · Logicaldoc · Logicaldoc Enterprise

Published: 2025-12-24 · Updated: 2025-12-24 · CVE-2019-25257

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: LogicalDOC Enterprise version 7.7.4

Description: The software contains multiple authenticated operating system command execution flaws. These flaws permit attackers to manipulate binary paths when altering system settings. Exploitation involves modifying configuration parameters such as antivirus.command, ocr.Tesseract.path, and other system paths to execute arbitrary system commands with elevated privileges.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Untrusted Search Path

Weakness Enumeration

Related Identifiers

CVE-2019-25257

Affected Products

Logicaldoc Enterprise