CVE-2024-48249

Name of the Vulnerable Software and Affected Versions Wavelog version 1.8.5

Description The issue allows SQL injection via the band, sat, propagation, or mode variables in the get band confirmed function of Gridmap model.php. This can potentially lead to unauthorized access or manipulation of data.

Recommendations For Wavelog version 1.8.5, consider disabling the get band confirmed function in Gridmap model.php until a patch is available to prevent SQL injection attacks via the band, sat, propagation, or mode variables. Restrict access to the Gridmap model.php file to minimize the risk of exploitation. Avoid using the variables band, sat, propagation, or mode in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.