Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
LogicalDOC Enterprise 7.7.4 Authenticated Command Execution via Binary Path Manipulation
Vulnerability Description
LogicalDOC Enterprise 7.7.4 contains multiple authenticated OS command execution vulnerabilities that allow attackers to manipulate binary paths when changing system settings. Attackers can exploit these vulnerabilities by modifying configuration parameters like antivirus.command, ocr.Tesseract.path, and other system paths to execute arbitrary system commands with elevated privileges.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
不可信的搜索路径
Vulnerability Title
LogicalDOC Enterprise 安全漏洞
Vulnerability Description
LogicalDOC Enterprise是意大利LogicalDOC公司的一个文档管理系统。 LogicalDOC Enterprise 7.7.4版本存在安全漏洞,该漏洞源于修改系统设置时对二进制路径验证不足,可能导致操作系统命令执行。
CVSS Information
N/A
Vulnerability Type
N/A