CVE-2024-48257

Name of the Vulnerable Software and Affected Versions Wavelog version 1.8.5

Description The issue is related to an SQL injection vulnerability in the Oqrs model.php file, specifically through the station id parameter in the get worked modes function. This vulnerability allows for SQL injection attacks.

Recommendations For Wavelog version 1.8.5, consider disabling the get worked modes function in Oqrs model.php until a patch is available to prevent SQL injection attacks. Restrict access to the Oqrs model.php file to minimize the risk of exploitation. Avoid using the station id parameter in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.