Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary files, leading to command execution or retrieval of data from the database. LogicalDoc provides a functionality to add documents. Those documents could then be used for multiple tasks, such as version control, shared among users, applying tags, etc. This functionality could be abused by an unauthenticated attacker to upload an arbitrary file in a restricted folder. This would lead to the executions of malicious commands with root privileges.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
LogicalDOC 代码问题漏洞
Vulnerability Description
LogicalDOC是一套使用Java技术开发的文件管理系统。该系统具有Lucene全文搜索索引和自动导入等功能。 LogicalDoc 8.3.3之前版本中存在安全漏洞。攻击者可借助文档添加功能利用该漏洞上传任意文件,执行命令或从数据库中检索数据。
CVSS Information
N/A
Vulnerability Type
N/A