Vulnerabilities > Logicaldoc > Logicaldoc > 6.4

DATE CVE VULNERABILITY TITLE RISK
2020-04-08 CVE-2020-10366 Path Traversal vulnerability in Logicaldoc
LogicalDoc before 8.3.3 allows /servlet.gupld Directory Traversal, a different vulnerability than CVE-2020-9423 and CVE-2020-10365.
network
low complexity
logicaldoc CWE-22
5.0
5.0
2020-03-18 CVE-2020-9423 Unrestricted Upload of File with Dangerous Type vulnerability in Logicaldoc
LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary files, leading to command execution or retrieval of data from the database.
network
low complexity
logicaldoc CWE-434
critical
 10.0
10
2020-03-18 CVE-2020-10365 SQL Injection vulnerability in Logicaldoc
LogicalDoc before 8.3.3 allows SQL Injection.
network
low complexity
logicaldoc CWE-89
4.0
4.0
2017-07-17 CVE-2017-1000023 Cross-site Scripting vulnerability in Logicaldoc
LogicalDoc Community Edition 7.5.3 and prior is vulnerable to an XSS when using preview on HTML document.
network
logicaldoc CWE-79
3.5
3.5
2017-07-17 CVE-2017-1000022 Incorrect Permission Assignment for Critical Resource vulnerability in Logicaldoc
LogicalDoc Community Edition 7.5.3 and prior contain an Incorrect access control which could leave to privilege escalation.
network
low complexity
logicaldoc CWE-732
6.5
6.5
2017-07-17 CVE-2017-1000021 XXE vulnerability in Logicaldoc
LogicalDoc Community Edition 7.5.3 and prior is vulnerable to XXE when indexing XML documents.
network
low complexity
logicaldoc CWE-611
6.5
6.5