Description

An authenticated SQL injection vulnerability exists in Cloudlog 2.7.5 and earlier. The vucc_details_ajax function in application/controllers/Awards.php does not properly sanitize the user-supplied Gridsquare POST parameter. This allows a remote, authenticated attacker to execute arbitrary SQL commands by injecting a malicious payload, which is then concatenated directly into a raw SQL query in the vucc_qso_details function.

INFO

Published Date :

2025-11-14T00:00:00.000Z

Last Modified :

2025-11-16T21:03:47.185Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-64084 vulnerability.

Vendors Products
Cloudlog
  • Cloudlog
Magicbug
  • Cloudlog
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-64084.

URL Resource
https://github.com/XY20130630/Cloudlog/security/advisories/GHSA-4r9r-3r3q-jg44 cve-icon cve-icon
https://github.com/magicbug/Cloudlog/commit/72a8c3d705c8629f60f64da9f37968417c980242 cve-icon cve-icon
https://github.com/magicbug/Cloudlog/releases/tag/2.7.6 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact