PT-2024-33061 · Cloudlog · Cloudlog

Published: 2024-10-14 · Updated: 2025-05-02 · CVE-2024-48259

CVSS v3.1: 7.3 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Cloudlog version 2.6.15

Description

The issue is an SQL injection vulnerability in the Oqrs.php request form of Cloudlog, exploitable via the station id or callsign variables. It allows attackers to manipulate SQL queries, potentially leading to unauthorized access or data modification. The estimated number of potentially affected devices and the number of real-world incidents are not specified.

Recommendations

For Cloudlog version 2.6.15, consider disabling the Oqrs.php request form or restricting access to it until a patch is available. Avoid using the station id and callsign variables in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2024-48259

Affected Products

Cloudlog