SQL Injection Vulnerability in Cloudlog Software
CVE-2024-48259

Currently unrated

Key Information:

Vendor: MagicBug
Status: Cloudlog
Vendor: CVE Published:; 14 October 2024

What is CVE-2024-48259?

The vulnerability in Cloudlog version 2.6.15 arises from improper input validation in the Oqrs.php request_form, allowing attackers to perform SQL injection through manipulative input in the station_id or callsign parameters. This could lead to unauthorized access to sensitive data, modification of the database content, and potential system compromise. Users of the affected product should take immediate action to mitigate risks associated with this vulnerability by applying security patches or implementing additional input validation measures.

References

https://github.com/magicbug/Cloudlog

https://www.magicbug.co.uk/cloudlog/

https://chiggerlor.substack.com/p/unauthenticated-sql-inj...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2024

JSON

MagicBug

What is CVE-2024-48259?

References

Timeline