CNNVD-202511-1723 Information
CNNVD ID
CNNVD-202511-1723
Related CVE
- CNNVD Published: 2025-11-14
Description (Chinese)
Cloudlog是Peter Goodhall个人开发者的一个自托管的 PHP 应用程序。允许在任何地方记录业余无线电联系人。 Cloudlog 2.7.5及之前版本存在安全漏洞,该漏洞源于Awards.php中vucc_details_ajax函数未正确清理Gridsquare参数,可能导致SQL注入攻击。
Description (English)
Cloudlog is a private PHP application for Peter Goodhall personal developers. Amateur radio contacts are allowed to be recorded anywhere. Claudlog 2.7.5 and previous versions contain a security loophole that stems from the incorrect clean-up of the Gridsquare parameter in the Awards.php. vucc details ajax function, which could lead to an SQL injection attack.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2025-11-14
Last Modified
2026-02-24
References
https://github.com/XY20130630/Cloudlog/security/advisories/GHSA-4r9r-3r3q-jg44 https://github.com/magicbug/Cloudlog/commit/72a8c3d705c8629f60f64da9f37968417c980242 https://github.com/magicbug/Cloudlog/releases/tag/2.7.6 https://access.redhat.com/security/cve/cve-2025-64084
Patch
https://github.com/magicbug/Cloudlog/releases
Share on: