LogicalDOC Community Edition 8.x before 8.2.1 has a path traversal vulnerability that allows reading arbitrary files and the creation of directories, in the class PluginRegistry.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9723
Reference (s):
- https://blog.ripstech.com/2019/logicaldoc-path-traversal/