SQL Injection Vulnerability in Cloudlog by Chiggerlor
CVE-2024-45999

9.8CRITICAL

Key Information:

Vendor: Magicbug
Status: Cloudlog
Vendor: CVE Published:; 1 October 2024

What is CVE-2024-45999?

A SQL Injection vulnerability found in the Cloudlog product version 2.6.15 can lead to unauthorized access to sensitive data. The issue resides within the get_station_info() function in the Oqrs_model.php file, where input from the station_id parameter is not adequately sanitized. This flaw allows an attacker to manipulate SQL queries, potentially compromising the application's database security. Appropriate security measures and updates are recommended for affected users to mitigate this vulnerability.

References

https://chiggerlor.substack.com/p/cve-2024-45999

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 1, 2024
Vulnerability Reserved
Sep 11, 2024

JSON

Magicbug

What is CVE-2024-45999?

References

CVSS V3.1

Timeline