LogicalDOC Enterprise Version up to and before v9.1.1 is vulnerable to Server-Side Request Forgery (SSRF). An unauthenticated attacker can exploit the ShareFileCallback servlet by manipulating input parameters to trigger a server-side request to an attacker-controlled host.
Metrics
Affected Vendors & Products
References
History
Mon, 13 Jul 2026 20:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-918 | |
| Metrics |
cvssV3_1
|
Mon, 13 Jul 2026 19:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | LogicalDOC Enterprise Version up to and before v9.1.1 is vulnerable to Server-Side Request Forgery (SSRF). An unauthenticated attacker can exploit the ShareFileCallback servlet by manipulating input parameters to trigger a server-side request to an attacker-controlled host. | |
| References |
|
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-07-13T19:29:41.809Z
Reserved: 2025-04-22T00:00:00.000Z
Link: CVE-2025-45869
Updated: 2026-07-13T19:29:37.400Z
No data.
No data.
OpenCVE Enrichment
No data.