SQL Injection Vulnerability in Wavelog Product by Wavelog
CVE-2024-48257

9.8CRITICAL

Key Information:

Vendor: Wavelog
Status: Wavelog
Vendor: CVE Published:; 14 October 2024

What is CVE-2024-48257?

The Wavelog product version 1.8.5 contains a vulnerability that allows an attacker to execute SQL injection through the Oqrs_model.php file, specifically targeting the get_worked_modes function. This flaw can potentially allow unauthorized access to sensitive data within the database, compromising the application's data integrity and security.

References

https://www.wavelog.org

https://github.com/wavelog/wavelog/commit/0bf2675d93602b5...

https://chiggerlor.substack.com/p/unauthenticated-sql-inj...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2024