SQL Injection Vulnerability in Wavelog 1.8.5 Affects Gridmap_model.php
CVE-2024-48249

7.3HIGH

Key Information:

Vendor: Wavelog
Status: Wavelog
Vendor: CVE Published:; 14 October 2024

What is CVE-2024-48249?

Wavelog version 1.8.5 is vulnerable to an SQL injection flaw in the Gridmap_model.php component. This vulnerability allows attackers to manipulate database queries through unsanitized input parameters, such as 'band', 'sat', 'propagation', or 'mode'. Exploitation of this vulnerability could grant unauthorized access to sensitive data, leading to potential data breaches and application compromise if left unaddressed.

References

https://www.wavelog.org

https://github.com/wavelog/wavelog/commit/0bf2675d93602b5...

https://chiggerlor.substack.com/p/unauthenticated-sql-inj...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2024

CVE-2024-48249 Data

JSON