Logicaldoc >> Logicaldoc >> 8.8.2 Security Vulnerabilities
The Automation Scripting functionality can be exploited by attackers to run arbitrary system commands on the underlying operating system. An account with administrator privileges or that has been explicitly granted access to use Automation Scripting is needed to carry out the attack. Exploitation of this vulnerability would allow an attacker to run commands of their choosing on the underlying operating system of the web server running LogicalDOC.
CVSS Score: 7.2 | EPSS Score: 0.002 | Published: 2025-03-14
The API used to interact with documents in the application contains two endpoints with a flaw that allows an authenticated attacker to write a file with controlled contents to an arbitrary location on the underlying file system. This can be used to facilitate RCE. An account with ‘read’ and ‘write’ privileges on at least one existing document in the application is required to exploit the vulnerability. Exploitation of this vulnerability would allow an attacker to run commands of their choosing on the underlying operating system of the web server running LogicalDOC.
CVSS Score: 8.8 | EPSS Score: 0.004 | Published: 2025-03-14
LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document version comments.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2023-02-07
LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the in-app messaging system (both subject and message bodies).
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2023-02-07
LogicalDOC Enterprise is vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the in-app chat system.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2023-02-07
LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the document file name.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2023-02-07

