CVE-2019-25258
LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities that allow attackers to read arbitrary files through unverified 'suffix' and 'fileVersion' parameters. Attackers can exploit directory traversal techniques in /thumbnail and /convertpdf endpoints to access sensitive system files like win.ini and /etc/passwd by manipulating path traversal sequences.
| Software | From | Fixed in |
|---|---|---|
| logicaldoc / logicaldoc | 7.1.1 | 7.1.1.x |
| logicaldoc / logicaldoc | 7.4.2 | 7.4.2.x |
| logicaldoc / logicaldoc | 7.5.1 | 7.5.1.x |
| logicaldoc / logicaldoc | 7.6.2 | 7.6.2.x |
| logicaldoc / logicaldoc | 7.6.4 | 7.6.4.x |
| logicaldoc / logicaldoc | 7.7.1 | 7.7.1.x |
| logicaldoc / logicaldoc | 7.7.2 | 7.7.2.x |
| logicaldoc / logicaldoc | 7.7.3 | 7.7.3.x |
| logicaldoc / logicaldoc | 7.7.4 | 7.7.4.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime