CVE-2024-54448

High CVSS: 8.6

The Automation Scripting functionality can be exploited by attackers to run arbitrary system commands on the underlying operating system. An account with administrator privileges or that has been explicitly granted access to use Automation Scripting is needed to carry out the attack. Exploitation of this vulnerability would allow an attacker to run commands of their choosing on the underlying operating system of the web server running LogicalDOC.

Vendor

Logicaldoc

Product

Logicaldoc

CWE

CWE-94

Yayın Tarihi

2025-03-14 18:15:30

Güncelleme

2025-11-07 02:21:41

Source Identifier

disclosure@synopsys.com

KEV Date Added

Kategoriler

CWE-94 Logicaldoc HIGH Logicaldoc 2025

Referanslar

https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html

Benzer Kayıtlar

High

CVE-2019-25258

LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities that allow attackers t…

Medium

CVE-2025-12546

A vulnerability was determined in LogicalDOC Community Edition up to 9.2.1. This affects an unknown part of the componen…

Medium

CVE-2025-12547

A vulnerability was identified in LogicalDOC Community Edition up to 9.2.1. This vulnerability affects unknown code of t…

Medium

CVE-2025-11946

A security flaw has been discovered in LogicalDOC Community Edition up to 9.2.1. This issue affects some unknown process…

High

CVE-2024-54449

The API used to interact with documents in the application contains two endpoints with a flaw that allows an authenticat…

Medium

CVE-2024-12020

There is a reflected cross-site scripting (XSS) within JSP files used to control application appearance. An unauthentica…