CVE-2020-10365

{"id": "CVE-2020-10365", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2020-03-18T22:15:12.250", "references": [{"url": "https://www.coresecurity.com/advisories/logicaldoc-virtual-appliance-multiple-vulnerabilities", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.coresecurity.com/advisories/logicaldoc-virtual-appliance-multiple-vulnerabilities", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the list of available documents by querying the database. This list could be filtered by modifying some of the parameters. Some of them are not properly sanitized which could allow an authenticated attacker to perform arbitrary queries to the database."}, {"lang": "es", "value": "LogicalDoc versiones anteriores a 8.3.3, permite una Inyecci\u00f3n SQL. LogicalDoc llena la lista de documentos disponibles consultando la base de datos. Esta lista podr\u00eda ser filtrada al modificar algunos de los par\u00e1metros. Alguno de ellos no est\u00e1n apropiadamente saneados lo que podr\u00eda permitir a un atacante autenticado realizar consultas arbitrarias en la base de datos."}], "lastModified": "2024-11-21T04:55:09.597", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:logicaldoc:logicaldoc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F1A3864-AE31-4FA6-AE3A-B6086D4AFA3A", "versionEndExcluding": "8.3.3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}