Description

A remote code execution vulnerability exists in CryptoLog (PHP version, discontinued since 2009) due to a chained exploitation of SQL injection and command injection vulnerabilities. An unauthenticated attacker can gain shell access as the web server user by first exploiting a SQL injection flaw in login.php to bypass authentication, followed by command injection in logshares_ajax.php to execute arbitrary operating system commands. The login bypass is achieved by submitting crafted SQL via the user POST parameter. Once authenticated, the attacker can abuse the lsid POST parameter in the logshares_ajax.php endpoint to inject and execute a command using $(...) syntax, resulting in code execution under the web context. This exploitation path does not exist in the ASP.NET version of CryptoLog released since 2009.

INFO

Published Date :

2025-07-10T19:16:01.206Z

Last Modified :

2026-04-07T14:09:31.908Z

Source :

VulnCheck
AFFECTED PRODUCTS

The following products are affected by CVE-2025-34102 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-34102.

URL Resource
https://pentest.blog/advisory-cryptolog-unauthenticated-remote-code-execution/ cve-icon cve-icon
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/crypttech_cryptolog_login_exec.rb cve-icon cve-icon
https://vulncheck/advisories/cryptolog-unauthenticated-rce cve-icon cve-icon
https://www.exploit-db.com/exploits/41980 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability