← voltar
CVE-2019-25257

LogicalDOC Enterprise 7.7.4 Authenticated Command Execution via Binary Path Manipulation

CVSS 8.7 HIGHEPSS 0.4%CWE-426
LogicalDOC Enterprise 7.7.4 contains multiple authenticated OS command execution vulnerabilities that allow attackers to manipulate binary paths when changing system settings. Attackers can exploit these vulnerabilities by modifying configuration parameters like antivirus.command, ocr.Tesseract.path, and other system paths to execute arbitrary system commands with elevated privileges.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Produtos afetados
LogicalDOC Srl · LogicalDOC Enterprise

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.exploit-db.com/exploits/44021https://www.logicaldoc.comhttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5452.php