PT-2025-47009 · Cloudlog · Cloudlog

Published: 2025-11-14 · Updated: 2025-11-19 · CVE-2025-64084

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Cloudlog versions 2.7.5 and earlier

Description: An authenticated SQL injection issue exists. The vucc details ajax function within the application/controllers/Awards.php file does not properly sanitize the Gridsquare POST parameter provided by the user. This allows a remote, authenticated attacker to execute arbitrary SQL commands by injecting a malicious payload. The payload is then directly concatenated into a raw SQL query within the vucc qso details function.

Recommendations: Versions prior to 2.7.5 should be updated.
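
The flaw class in the description, shown as an added example that is not Cloudlog's code: a concatenated query next to a validated, parameter-bound one, run against an in-memory SQLite table through PDO. The table, columns and function names are hypothetical, the rows are constructed, and treating Gridsquare as a 4- or 6-character Maidenhead locator is an assumption.

```php
<?php
declare(strict_types=1);

// Added illustration, not Cloudlog source code. The table, columns and
// function names are hypothetical; the rows are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE qso (callsign TEXT, gridsquare TEXT, station_id INTEGER)');
$db->exec("INSERT INTO qso VALUES ('K1ABC', 'FN31', 1), ('DL1XYZ', 'JO62', 1), ('G4XYZ', 'IO91', 2)");

// Vulnerable pattern: the request value is concatenated into the SQL text,
// so a quote inside it ends the string literal and the rest is parsed as SQL.
function qsoDetailsConcatenated(PDO $db, string $gridsquare): array
{
    $sql = "SELECT callsign FROM qso WHERE station_id = 1 AND gridsquare = '" . $gridsquare . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: allow-list the value as a Maidenhead locator (assumed
// format), then bind it as a parameter so it is only ever treated as data.
function qsoDetailsBound(PDO $db, string $gridsquare): array
{
    if (preg_match('/\A[A-R]{2}[0-9]{2}([A-X]{2})?\z/i', $gridsquare) !== 1) {
        throw new InvalidArgumentException('Gridsquare is not a valid locator');
    }
    $stmt = $db->prepare('SELECT callsign FROM qso WHERE station_id = 1 AND gridsquare = :grid');
    $stmt->execute([':grid' => $gridsquare]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$hostile = "FN31' OR '1'='1"; // constructed test value containing a quote
print_r(qsoDetailsConcatenated($db, $hostile));
try {
    qsoDetailsBound($db, $hostile);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
print_r(qsoDetailsBound($db, 'FN31'));
```

With the constructed value, the concatenated query ignores the station_id filter and returns rows from every station, while the bound version rejects the value before any SQL runs.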

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-64084
GHSA-4R9R-3R3Q-JG44

Affected Products

Cloudlog