CVE-2024-48259

Cloudlog 2.6.15 is vulnerable to an SQL injection in Oqrs.php request_form via station_id or callsign. The root cause is an unsafe handling of input in the Oqrs.php endpoint, enabling crafted queries. Impact is disclosed as SQL injection with potential data exposure or modification; no explicit e...

CVE-2024-48255

CVE-2024-48255 affects Cloudlog 2.6.15, where the Oqrs.php get_station_info endpoint is vulnerable to SQL injection via the station_id parameter. The issue enables unauthenticated network-level access with potential impact on confidentiality, integrity, and availability as indicated by the CVSS m...

CVE-2024-48253

Cloudlog 2.6.15 (self-hosted PHP app) is affected by an SQL injection in oqrs.php delete_oqrs_line via the id parameter. Root cause is unescaped/unsafely handled input in the delete_oqrs_line operation, leading to potential data disclosure, modification, or tampering. Tried and true impact is hig...

CVE-2024-45999

Cloudlog 2.6.15 contains a SQL injection vulnerability in get_station_info() within /application/models/Oqrs_model.php, exploitable via the station_id parameter. Sources across Red Hat, NVD, OSV, CNNVD, and other feeds confirm the issue. The vulnerability is a SQL injection, enabling potential un...

CVE-2024-44065

CVE-2024-44065 corresponds to a time-based blind SQL injection in Cloudlog v2.6.15 at /index.php/logbookadvanced/search via the qsoresults parameter. The vulnerability is described across multiple feeds (NVD, Red Hat, EUVD, CIRCL, OSV, CVE lists) with a CVSS v3.1 base score of 9.8 (CRITICAL) and ...

CVE-2025-64084

Cloudlog