Browse all 15 CVE security advisories affecting LogicalDOC. AI-powered Chinese analysis, POCs, and references for each vulnerability.
LogicalDOC serves as a document management system designed for organizing, storing, and versioning files while enabling collaboration workflows. Historically, the application has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, with 15 CVEs documented across its versions. Security researchers have identified authentication bypasses and insecure direct object references as recurring concerns. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities in web management interfaces and file processing components suggests potential attack surfaces for unauthorized access or system compromise. Regular patching and hardening configurations remain critical for secure deployment.
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-12245 | Blind SQL Injection in Logout — LogicalDOC Community | CWE-89 | 9.1 | - | 2025-03-14 |
| CVE-2024-12019 | Arbitrary File Read via Document API — LogicalDOC Community | CWE-23 | 6.5 | - | 2025-03-14 |
| CVE-2024-54449 | Remote Code Execution (RCE) via Arbitrary File Write In Document API — LogicalDOC Community | CWE-23 | 8.8 | - | 2025-03-14 |
| CVE-2024-54448 | Remote Code Execution (RCE) via Automation Scripting — LogicalDOC Community | CWE-94 | 6.8 | - | 2025-03-14 |
| CVE-2024-54447 | Blind SQLi in Saved Search — LogicalDOC Community | CWE-89 | 8.1 | - | 2025-03-14 |
| CVE-2024-54446 | Blind SQLi in Document History — LogicalDOC Community | CWE-89 | 8.1 | - | 2025-03-14 |
| CVE-2024-54445 | Blind SQLi in Login — LogicalDOC Community | CWE-89 | 9.1 | - | 2025-03-14 |
This page lists every published CVE security advisory associated with LogicalDOC. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.