CVE-2025-64084

Published: Nov 14, 2025

Modified: Nov 16, 2025

PUBLISHED

Description

An authenticated SQL injection vulnerability exists in Cloudlog 2.7.5 and earlier. The vucc_details_ajax function in application/controllers/Awards.php does not properly sanitize the user-supplied Gridsquare POST parameter. This allows a remote, authenticated attacker to execute arbitrary SQL commands by injecting a malicious payload, which is then concatenated directly into a raw SQL query in the vucc_qso_details function.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/magicbug/Cloudlog/commit/72a8c3d705c8629f60f64da9f37968417c980242

https://github.com/magicbug/Cloudlog/releases/tag/2.7.6

https://github.com/XY20130630/Cloudlog/security/advisories/GHSA-4r9r-3r3q-jg44

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-64084

Description

Affected Products

References