Description
LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the list of available documents by querying the database. This list could be filtered by modifying some of the parameters. Some of them are not properly sanitized, which could allow an authenticated attacker to perform arbitrary queries to the database.
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 8.3.3 (excluding)
cpe:2.3:a:logicaldoc:logicaldoc:*:*:*:*:*:*:*:*
EPSS
Percentile: 63%
0.00445
Low
6.5 Medium
CVSS3
4 Medium
CVSS2
Weaknesses
CWE-89
Related vulnerabilities
github
more than 3 years ago
LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the list of available documents by querying the database. This list could be filtered by modifying some of the parameters. Some of them are not properly sanitized, which could allow an authenticated attacker to perform arbitrary queries to the database.