3 matches found
CVE-2024-12019 Arbitrary File Read via Document API
The API used to interact with documents in the application contains a flaw that allows an authenticated attacker to read the contents of files on the underlying operating system. An account with ‘read’ and ‘download’ privileges on at least one existing document in the application is required to...
CVE-2024-12019
CVE-2024-12019 describes an arbitrary file read flaw in the LogicalDOC document API. An authenticated attacker who has at least read and download privileges on an existing document can exploit the API to read files on the underlying OS, potentially accessing any file within the privileges of the ...
CVE-2024-12019 Arbitrary File Read via Document API
The API used to interact with documents in the application contains a flaw that allows an authenticated attacker to read the contents of files on the underlying operating system. An account with ‘read’ and ‘download’ privileges on at least one existing document in the application is required to...