Logicaldoc Logicaldoc Community
7 CVEs affecting Logicaldoc Logicaldoc Community. Latest disclosed: 2025-03-14. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-54449 | High | 8.8 | 2025-03-14 | The API used to interact with documents in the application contains two endpoints with a flaw that allows an authenticated attacker to write a file with contro… |
CVE-2024-54448 | High | 7.2 | 2025-03-14 | The Automation Scripting functionality can be exploited by attackers to run arbitrary system commands on the underlying operating system. An account with admin… |
CVE-2024-54447 | | 2025-03-14 | Saved search functionality contains a blind SQL injection that can be exploited by authenticated attackers. Using a time-based blind SQLi technique the attacke… | |
CVE-2024-54446 | | 2025-03-14 | Document history functionality contains a blind SQL injection that can be exploited by authenticated attackers. Using a time-based blind SQLi technique the att… | |
CVE-2024-54445 | | 2025-03-14 | Login functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker can… | |
CVE-2024-12245 | | 2025-03-14 | Logout functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique the attacker ca… | |
CVE-2024-12019 | | 2025-03-14 | The API used to interact with documents in the application contains a flaw that allows an authenticated attacker to read the contents of files on the underlyin… |