LogicalDoc prior to 8.3.3 allows SQL Injection. LogicalDoc populates the list of available documents by querying the database. This list can be filtered by modifying some of the request parameters. Some of these parameters are not properly sanitized, which could allow an authenticated malicious user to perform arbitrary queries against the database.
Vulnerable Product |
---|
logicaldoc logicaldoc |