LogicalDOC Blind SQL Injection Vulnerability in Logout Functionality

Vulnerability

A blind SQL injection vulnerability has been identified in the logout functionality of LogicalDOC, a document management system. This vulnerability can be exploited by unauthenticated attackers using a time-based blind SQL injection technique, potentially leading to the disclosure of all database contents. Depending on the presence of certain entries in specific database tables, this vulnerability could also result in account takeover.

Impact

Exploitation of this vulnerability allows for the disclosure of all database contents. Additionally, account takeover is a potential outcome, depending on the presence of entries in certain database tables.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.9
impact: 5.0
exploitability: 7.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.