PT-2024-31877 · Cloudlog · Cloudlog

Published: 2024-10-01 · Updated: 2024-10-07 · CVE-2024-45999

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Cloudlog version 2.6.15

Description: A SQL Injection issue was discovered, specifically within the get_station_info() function located in the file /application/models/Oqrs_model.php. The issue is exploitable via the station_id parameter. This allows for remote code execution.

Recommendations: For Cloudlog version 2.6.15, patch immediately and review logs for signs of compromise. As a temporary workaround, consider restricting access to the get_station_info() function until a patch is available. Avoid using the station_id parameter in the affected API endpoint until the issue is resolved.
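The root cause class described above is a request parameter reaching SQL text unescaped. The following is an added illustration, not Cloudlog's actual code: a hypothetical CodeIgniter 3 model method (Cloudlog is built on CodeIgniter 3) showing the injectable pattern next to two hardened forms. The table name station_profile, the method names and the column name are assumptions for the example.

```php
<?php
// Added illustration (not Cloudlog's code): hypothetical CodeIgniter 3 model
// with a station lookup written three ways. Table/column names are assumed.

class Oqrs_model_example extends CI_Model
{
    // Injectable pattern: the request parameter is spliced into the SQL text,
    // so the database parses attacker-controlled input as part of the query.
    public function get_station_info_unsafe($station_id)
    {
        $sql = "SELECT * FROM station_profile WHERE station_id = " . $station_id;
        return $this->db->query($sql)->row();
    }

    // Hardened form 1: query bindings. CodeIgniter escapes each bound value
    // and the SQL structure is fixed before any user input is involved.
    public function get_station_info_bound($station_id)
    {
        $sql = "SELECT * FROM station_profile WHERE station_id = ?";
        return $this->db->query($sql, array((int) $station_id))->row();
    }

    // Hardened form 2: Query Builder, which escapes values itself, combined
    // with an explicit type check so non-numeric ids never reach the database.
    public function get_station_info_qb($station_id)
    {
        if (!ctype_digit((string) $station_id)) {
            return null; // reject anything that is not a non-negative integer id
        }
        return $this->db
            ->where('station_id', (int) $station_id)
            ->get('station_profile')
            ->row();
    }
}
```

The integer cast works here only because the id is numeric; for string-valued parameters, bindings or Query Builder escaping are the control, not casting.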

Weakness Enumeration: SQL injection

Related Identifiers: CVE-2024-45999

Affected Products: Cloudlog