71 matches found
EUVD-2024-55363
Time-based blind SQL Injection vulnerability in Cloudlog v2.6.15 at the endpoint /index.php/logbookadvanced/search in the qsoresults parameter...
CVE-2024-44065
Time-based blind SQL Injection vulnerability in Cloudlog v2.6.15 at the endpoint /index.php/logbookadvanced/search in the qsoresults parameter...
CVE-2024-48259
Cloudlog 2.6.15 allows Oqrs.php requestform SQL injection via stationid or callsign...
CVE-2024-48259
Cloudlog 2.6.15 allows Oqrs.php requestform SQL injection via stationid or callsign...
CVE-2024-48253
Cloudlog 2.6.15 allows Oqrs.php deleteoqrsline id SQL injection...
CVE-2024-48253
Cloudlog 2.6.15 allows Oqrs.php deleteoqrsline id SQL injection...
CVE-2024-48255
Cloudlog 2.6.15 allows Oqrs.php getstationinfo stationid SQL injection...
CVE-2024-48255
Cloudlog 2.6.15 allows Oqrs.php getstationinfo stationid SQL injection...
PT-2024-33061 · Cloudlog · Cloudlog
Name of the Vulnerable Software and Affected Versions: Cloudlog version 2.6.15 Description: The issue concerns an SQL injection vulnerability in Cloudlog's Oqrs.php request form, which can be exploited via the station id or callsign variables. This vulnerability allows attackers to manipulate the...
CVE-2024-48259
Cloudlog 2.6.15 allows Oqrs.php requestform SQL injection via stationid or callsign...
CVE-2024-48255
Cloudlog 2.6.15 allows Oqrs.php getstationinfo stationid SQL injection...
CVE-2024-48253
Cloudlog 2.6.15 allows Oqrs.php deleteoqrsline id SQL injection...
CVE-2024-48259
Cloudlog 2.6.15 allows Oqrs.php requestform SQL injection via stationid or callsign...
CVE-2024-48253
Cloudlog 2.6.15 allows Oqrs.php deleteoqrsline id SQL injection...
CVE-2024-48259
Cloudlog 2.6.15 is vulnerable to an SQL injection in Oqrs.php request_form via station_id or callsign. The root cause is an unsafe handling of input in the Oqrs.php endpoint, enabling crafted queries. Impact is disclosed as SQL injection with potential data exposure or modification; no explicit e...
CVE-2024-48253
Cloudlog 2.6.15 (self-hosted PHP app) is affected by an SQL injection in oqrs.php delete_oqrs_line via the id parameter. Root cause is unescaped/unsafely handled input in the delete_oqrs_line operation, leading to potential data disclosure, modification, or tampering. Tried and true impact is hig...
CVE-2024-48255
Cloudlog 2.6.15 allows Oqrs.php getstationinfo stationid SQL injection...
CVE-2024-48255
CVE-2024-48255 affects Cloudlog 2.6.15, where the Oqrs.php get_station_info endpoint is vulnerable to SQL injection via the station_id parameter. The issue enables unauthenticated network-level access with potential impact on confidentiality, integrity, and availability as indicated by the CVSS m...
CVE-2024-45999
A SQL Injection vulnerability was discovered in Cloudlog 2.6.15, specifically within the getstationinfofunction located in the file /application/models/Oqrsmodel.php. The vulnerability is exploitable via the stationid parameter...
Cloudlog SQL注入漏洞
Cloudlog is a self-hosted PHP application by the individual developer Peter Goodhall. Allows logging of amateur radio contacts from anywhere. Cloudlog version 2.6.15 suffers from a SQL injection vulnerability that stems from vulnerability to SQL injection attacks...