Logicaldoc
CVE-2020-9423
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary files, leading to command execution or retrieval of data from the database. LogicalDoc provides a functionality to add documents. Those documents could then be used for multiple tasks, such as version control, shared among users, applying tags, etc. This functionality could be abused by an unauthenticated attacker to upload an arbitrary file in a restricted folder. This would lead to the executions of malicious commands with root privileges.
AnalysisAI
LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary files, leading to command execution or retrieval of data from the database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Unrestricted File Upload (CWE-434), which allows attackers to upload malicious files that can be executed on the server. LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary files, leading to command execution or retrieval of data from the database. LogicalDoc provides a functionality to add documents. Those documents could then be used for multiple tasks, such as version control, shared among users, applying tags, etc. This functionality could be abused by an unauthenticated attacker to upload an arbitrary file in a restricted folder. This would lead to the executions of malicious commands with root privileges. Affected products include: Logicaldoc. Version information: before 8.3.3.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate file types server-side, store uploads outside webroot, use random filenames, scan for malware.
More in Logicaldoc
View allLogicalDoc Community Edition 7.5.3 and prior is vulnerable to XXE when indexing XML documents. Rated high severity (CVSS
LogicalDoc Community Edition 7.5.3 and prior contain an Incorrect access control which could leave to privilege escalati
A local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Rated
LogicalDoc before 8.3.3 allows /servlet.gupld Directory Traversal, a different vulnerability than CVE-2020-9423 and CVE-
LogicalDOC Community Edition 8.x before 8.2.1 has a path traversal vulnerability that allows reading arbitrary files and
LogicalDoc before 8.3.3 allows SQL Injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitab
LogicalDoc Community Edition 7.5.3 and prior is vulnerable to an XSS when using preview on HTML document. Rated medium s
The API used to interact with documents in the application contains two endpoints with a flaw that allows an authenticat
The Automation Scripting functionality can be exploited by attackers to run arbitrary system commands on the underlying
LogicalDOC Community Edition up to 9.2.1 fails to implement rate limiting on the admin login page (/login.jsp), allowing
There is a reflected cross-site scripting (XSS) within JSP files used to control application appearance. Rated medium se
Stored cross-site scripting (XSS) in LogicalDOC Community Edition up to 9.2.1 allows authenticated users to inject malic
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today