LogicalDOC
cpe:2.3:a:logicaldoc:logicaldoc:*:*:*:*:*:*:*
- 8.9.3
A blind SQL injection vulnerability has been identified in the document history feature of LogicalDOC, affecting both the Community and Enterprise editions. Authenticated attackers can exploit it using a time-based blind SQL injection technique, potentially leading to the disclosure of all database contents. Depending on the entries in certain database tables, account takeover may also be possible.
Exploitation of this vulnerability allows for the disclosure of all database contents. Additionally, account takeover is a potential risk, depending on the presence of specific entries in certain database tables.