CVE-2019-25258

LogicalDOC Enterprise 7.7.4 is affected by post-authentication file disclosure vulnerabilities. The issue arises from insufficient validation of suffix and fileVersion parameters, enabling directory traversal in the /thumbnail and /convertpdf endpoints to read arbitrary files (e.g., win.ini, /etc...

CVE-2019-25258 LogicalDOC Enterprise 7.7.4 Multiple Post-Authentication Directory Traversal Vulnerabilities

LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities that allow attackers to read arbitrary files through unverified 'suffix' and 'fileVersion' parameters. Attackers can exploit directory traversal techniques in /thumbnail and /convertpdf endpoints to...

PT-2025-53344

Name of the Vulnerable Software and Affected Versions LogicalDOC Enterprise version 7.7.4 Description The software contains multiple post-authentication file disclosure issues that allow attackers to read arbitrary files through unverified suffix and fileVersion parameters. Attackers can exploit...

LogicalDOC Enterprise 安全漏洞

LogicalDOC Enterprise is a document management system from the Italian company LogicalDOC. A security vulnerability exists in LogicalDOC Enterprise version 7.7.4, which stems from insufficient validation of the suffix and fileVersion parameters and could lead to arbitrary file disclosure...