magicbug/Cloudlog

GitHub

github.com

www.cloudlog.co.uk

Releases73

Frequency4 weeks 15 hours

Last Release about 1 month ago

Stars559

Cloudlog is a web-based amateur radio logging application built with PHP and MySQL. It supports a wide range of station logging activities, from HF to microwave, and integrates with companion tools for CAT control and automation.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-44065 ↗	Dec 26, 2025Friday, 26 December 2025, 17:15	9.8 CRITICAL	—
Time-based blind SQL Injection vulnerability in Cloudlog v2.6.15 at the endpoint /index.php/logbookadvanced/search in the qsoresults parameter.
CVE-2025-64084 ↗	Nov 14, 2025Friday, 14 November 2025, 21:15	5.4 MEDIUM	—
An authenticated SQL injection vulnerability exists in Cloudlog 2.7.5 and earlier. The vucc_details_ajax function in application/controllers/Awards.php does not properly sanitize the user-supplied Gridsquare POST parameter. This allows a remote, authenticated attacker to execute arbitrary SQL commands by injecting a malicious payload, which is then concatenated directly into a raw SQL query in the vucc_qso_details function.
CVE-2024-48259 ↗	Oct 14, 2024Monday, 14 October 2024, 15:15	7.3 HIGH	—
Cloudlog 2.6.15 allows Oqrs.php request_form SQL injection via station_id or callsign.
CVE-2024-48253 ↗	Oct 14, 2024Monday, 14 October 2024, 14:15	9.8 CRITICAL	—
Cloudlog 2.6.15 allows Oqrs.php delete_oqrs_line id SQL injection.
CVE-2024-48255 ↗	Oct 14, 2024Monday, 14 October 2024, 14:15	9.8 CRITICAL	—
Cloudlog 2.6.15 allows Oqrs.php get_station_info station_id SQL injection.