Primary

Context

LogicalDOC Blind SQL Injection Vulnerability in Login Functionality

Vulnerability

Patched

A blind SQL injection vulnerability has been identified in the login functionality of LogicalDOC document management system. This vulnerability can be exploited by unauthenticated attackers, but requires the Login Throttling feature to be enabled. By using a time-based blind SQL injection technique, an attacker could potentially access all database contents. Additionally, depending on the data in certain database tables, this vulnerability could lead to account takeover.

Impact

Exploitation of this vulnerability allows for the disclosure of all database contents. There is a potential for account takeover, depending on the presence of entries in specific database tables.

Remediation

This vulnerability has been addressed in LogicalDOC Community and Enterprise Editions version 9.1.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

5.0

exploitability

8.1

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

5.0

exploitability

8.1

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

LogicalDOC Blind SQL Injection Vulnerability in Login Functionality

Vulnerability

Impact

Remediation

Affected Products

LogicalDOC

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating