SQL Injection Vulnerability in Wavelog 1.8.5 Affects Gridmap_model.php
CVE-2024-48249

Currently unrated

Key Information:

Vendor: Wavelog
Status: Wavelog
Vendor: CVE Published:; 14 October 2024

What is CVE-2024-48249?

Wavelog version 1.8.5 is vulnerable to an SQL injection flaw in the Gridmap_model.php component. This vulnerability allows attackers to manipulate database queries through unsanitized input parameters, such as 'band', 'sat', 'propagation', or 'mode'. Exploitation of this vulnerability could grant unauthorized access to sensitive data, leading to potential data breaches and application compromise if left unaddressed.

References

https://www.wavelog.org

https://github.com/wavelog/wavelog/commit/0bf2675d93602b5...

https://chiggerlor.substack.com/p/unauthenticated-sql-inj...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2024