Back to search
CVE-2024-54445
Published: Mar 14, 2025
Modified: Mar 14, 2025
PUBLISHED
Description
Login functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain database tables.
| Vendor | Product | Versions |
|---|---|---|
LogicalDOC | LogicalDOC Community | affected 0 - < 9.1 |
LogicalDOC | LogicalDOC Enterprise | affected 0 - < 9.1 |
Weaknesses (CWE)
References
https://www.blackduck.com/blog/cyrc-advisory-logicaldoc.html
third-party-advisory
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now