Primary

Context

LogicalDOC Blind SQL Injection Vulnerability in Saved Search Functionality

Vulnerability

Patched

A blind SQL injection vulnerability has been identified in the saved search functionality of LogicalDOC document management system. This vulnerability can be exploited by authenticated attackers using a time-based blind SQL injection technique, potentially leading to the disclosure of all database contents. Depending on the presence of certain entries in the database, this vulnerability could also result in account takeover.

Impact

Exploitation of this vulnerability allows authenticated attackers to use time-based blind SQL injection techniques to access and disclose all database contents. Additionally, there is a potential for account takeover, depending on the presence of specific entries in certain database tables.

Remediation

This vulnerability has been mitigated in both LogicalDOC Community and Enterprise Editions version 9.1.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

5.0

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.9

impact

5.0

exploitability

5.2

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

LogicalDOC Blind SQL Injection Vulnerability in Saved Search Functionality

Vulnerability

Impact

Remediation

Affected Products

LogicalDOC

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating