CVE-2024-44065

9.8 CRITICAL

📋 TL;DR

CVE-2024-44065 is a critical SQL injection vulnerability in the advanced logbook search of Cloudlog v2.6.15 (/index.php/logbookadvanced/search). The qsoresults parameter reaches the database query without being bound as a parameter, so anyone who can submit a search can run arbitrary SQL against the application database and read or modify what it holds. Every Cloudlog v2.6.15 installation is affected regardless of configuration.

💻 Affected Systems

Products:
  • Cloudlog
Versions: v2.6.15
Operating Systems: All operating systems running Cloudlog
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of Cloudlog v2.6.15 are vulnerable regardless of configuration.

📦 What is this software?

Cloudlog is an open-source, self-hosted web application for logging amateur radio contacts (QSOs). It is written in PHP on the CodeIgniter framework and stores its logbook, users and station configuration in a MySQL/MariaDB database, which is why the payloads on this page use MySQL syntax such as SLEEP().

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the Cloudlog database: extraction or modification of all stored data, authentication bypass by tampering with user records, and, if the database account carries file-write rights (the MySQL FILE privilege), writing files to the web server and potentially executing code.

🟠

Likely Case

Data exfiltration of sensitive amateur radio logs, user credentials, and configuration data leading to privacy violations and system compromise.

🟢

If Mitigated

With the patch applied, or the parameter validated and bound rather than concatenated, the injection is closed; what remains is the data an authenticated user can legitimately search, so the impact on confidentiality and integrity is minimal.

🌐 Internet-Facing: HIGH - The vulnerable endpoint is accessible via web interface, making internet-facing instances immediately exploitable.
🏢 Internal Only: HIGH - Internal instances are just as exploitable by anyone on the network who holds, shares or obtains a Cloudlog login.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires an authenticated session that can reach /index.php/logbookadvanced/search; from there the payload is a plain SQL injection with no further tricks. Any account will do, including a low-privileged or shared one. Note that the headline 9.8 score assumes no privileges are required; for a deployment where the endpoint sits behind a login, the effective severity is somewhat lower but still high.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v2.6.16 or later

Vendor Advisory: https://github.com/magicbug/Cloudlog

Restart Required: No

Instructions:

1. Back up your Cloudlog installation and database.
2. Download the latest release from GitHub.
3. Replace the vulnerable files with the patched versions.
4. Verify the fix by re-testing the vulnerable endpoint (see How to Verify below).

🔧 Temporary Workarounds

Input Validation Filter (applies to: all platforms)

Add input validation that rejects unexpected characters in the qsoresults parameter before it is used in a query. Treat this as a stopgap: the proper fix is to pass the value to the database as a bound parameter rather than concatenating it into the SQL text.

Modify /application/controllers/Logbookadvanced.php to validate the parameter against an allowlist of the values the field is expected to carry.
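
To see why the validation above is only a stopgap, here is an added, constructed illustration; it is not Cloudlog's code. Cloudlog is PHP on MySQL, so this uses Python with an in-memory SQLite table purely to stay runnable offline (SQLite has no SLEEP(), so the tautology and UNION payloads stand in for the timing one). It assumes the parameter lands inside a quoted string comparison in a WHERE clause, which is what the page's `1' AND SLEEP(5)--` payload implies; the table, column and sample rows are made up. It shows the concatenated query beside the bound-parameter version and an allowlist check of the kind the workaround describes.

```python
"""Added illustration of the CVE-2024-44065 injection pattern.
Constructed data and schema; not Cloudlog's code. SQLite stands in for
MySQL so the script runs offline."""
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample tables (not Cloudlog's real schema).
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE qsos (id INTEGER PRIMARY KEY, station_id INTEGER, callsign TEXT);
        INSERT INTO qsos (station_id, callsign) VALUES (1, 'M0ABC'), (1, 'W1XYZ'), (2, 'DL2QQQ');
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT);
        INSERT INTO users (name, password) VALUES ('admin', 'hashed-secret');
    """)
    return conn


def search_vulnerable(conn: sqlite3.Connection, station_id: int, qsoresults: str) -> list:
    # VULNERABLE (assumed pattern): the request parameter is spliced into the
    # SQL text inside a quoted string. A quote in the value closes the string
    # and everything after it is parsed as SQL.
    sql = (f"SELECT callsign FROM qsos WHERE station_id = {station_id} "
           f"AND callsign = '{qsoresults}'")
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn: sqlite3.Connection, station_id: int, qsoresults: str) -> list:
    # FIXED: the value travels as a bound parameter and is never parsed as SQL,
    # whatever characters it contains.
    sql = "SELECT callsign FROM qsos WHERE station_id = ? AND callsign = ?"
    return [row[0] for row in conn.execute(sql, (station_id, qsoresults))]


# Stopgap of the kind the workaround describes: an allowlist for the parameter.
# The character class is an assumption (callsign-like tokens); tighten it to
# the field's real domain. It reduces exposure but does not replace binding.
QSORESULTS_ALLOWED = re.compile(r"[A-Za-z0-9/_-]{1,32}")


def is_valid_qsoresults(value: str) -> bool:
    return QSORESULTS_ALLOWED.fullmatch(value) is not None


def validate_qsoresults(value: str) -> str:
    if not is_valid_qsoresults(value):
        raise ValueError("rejected qsoresults value")
    return value


if __name__ == "__main__":
    conn = make_db()
    for payload in ["M0ABC", "' OR '1'='1", "' UNION SELECT password FROM users--"]:
        print(f"{payload!r:45} concatenated -> {search_vulnerable(conn, 1, payload)}")
        print(f"{'':45} bound        -> {search_safe(conn, 1, payload)}")
```

Run it and the concatenated query returns every row for the tautology and the users table's password column for the UNION payload, while the bound query returns nothing for either; the allowlist rejects both payloads because they contain a quote.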

WAF Rule (applies to: all platforms)

Implement web application firewall rules that block SQL injection patterns on this endpoint.

Add a WAF rule that denies requests to /index.php/logbookadvanced/search whose qsoresults parameter contains SQL keywords or a quote followed by a comment sequence. Match on the URL-decoded value, since payloads are usually percent-encoded, and expect some false positives if legitimate search terms can contain words such as "select".

🧯 If You Can't Patch

  • Restrict access to the /index.php/logbookadvanced/search endpoint using network ACLs or authentication requirements
  • Implement database query logging and monitoring to detect injection attempts

🔍 How to Verify

Check if Vulnerable:

From an authenticated session, and preferably against a non-production copy, request a payload such as /index.php/logbookadvanced/search?qsoresults=1' AND SLEEP(5)-- and compare the response time with that of a benign request; repeat a few times so network jitter is not mistaken for a delay. MySQL only treats -- as a comment when it is followed by whitespace, so if the bare payload produces a SQL error rather than a pause, URL-encode a trailing space (--%20) or end the payload with %23 (#) instead.

Check Version:

Check Cloudlog version in /application/config/version.php or admin interface

Verify Fix Applied:

Repeat the same request after patching: the response should come back without the five-second delay. A validation error or an empty result set is the expected outcome; the value must no longer be interpreted as SQL.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts followed by access to search endpoint
  • Requests containing SQL keywords like UNION, SELECT, SLEEP in qsoresults parameter

Network Indicators:

  • Unusual traffic patterns to /index.php/logbookadvanced/search
  • Multiple similar requests with varying qsoresults parameters

SIEM Query:

source="web_logs" AND uri_path="/index.php/logbookadvanced/search" AND (query_string="*qsoresults=*SLEEP*" OR query_string="*qsoresults=*UNION*" OR query_string="*qsoresults=*SELECT*")

URL-decode and lowercase the query string before matching (or match case-insensitively on the decoded field); attackers routinely percent-encode and change the case of keywords, and a match on the raw string misses those variants.
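
The indicators and SIEM query above, as code run over constructed sample lines: this is an added example, not Cloudlog tooling or a vendor-supplied rule. It assumes Apache/nginx combined log format and that the search parameters travel in the query string, as in the URL on this page; if a deployment submits the search form by POST, the parameter is not in a standard access log and request-body logging from the reverse proxy or WAF is needed instead. The IPs, timestamps and user agents in the sample are made up.

```python
"""Added detection example for CVE-2024-44065 indicators over access logs.
Constructed sample data; not Cloudlog code and not a vendor rule."""
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

ENDPOINT_SUFFIX = "/logbookadvanced/search"

# Constructed sample lines in combined log format (IPs are documentation ranges).
SAMPLE_LOG = """\
203.0.113.10 - - [12/Sep/2024:10:01:02 +0000] "GET /index.php/logbookadvanced/search?qsoresults=25 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Sep/2024:10:01:05 +0000] "GET /index.php/logbookadvanced/search?qsoresults=1%27%20AND%20SLEEP(5)-- HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Sep/2024:10:01:09 +0000] "GET /index.php/logbookadvanced/search?qsoresults=1%27%20UNION%20SELECT%20name,password%20FROM%20users--%20 HTTP/1.1" 200 7010 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Sep/2024:10:02:00 +0000] "GET /index.php/logbookadvanced/search?qsoresults=50 HTTP/1.1" 200 9800 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Sep/2024:10:02:30 +0000] "GET /index.php/logbook HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Sep/2024:10:01:12 +0000] "GET /index.php/logbookadvanced/search?qsoresults=1%20and%20sleep(5)%23 HTTP/1.1" 200 5120 "-" "sqlmap/1.8"
"""

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Indicators evaluated on the URL-decoded qsoresults value. The keyword list
# mirrors the SIEM query (SLEEP/UNION/SELECT) plus common MySQL timing and
# file functions; extend it for your environment.
INDICATORS = [
    ("sql-keyword", re.compile(
        r"\b(union|select|sleep|benchmark|information_schema|load_file|outfile)\b", re.I)),
    ("quote-then-comment", re.compile(r"'.*(--|#|/\*)", re.S)),
    ("tautology", re.compile(r"\bor\b\s+\S+\s*=\s*\S+", re.I)),
]
SCANNER_UA = re.compile(r"sqlmap|nikto|havij", re.I)


def classify_value(value: str) -> list:
    """Names of the indicators that fire on one decoded parameter value."""
    return [name for name, rx in INDICATORS if rx.search(value)]


def analyze(log_text: str) -> dict:
    """Flag search-endpoint requests whose qsoresults value looks like SQL,
    and count flagged requests per client for the burst indicator."""
    hits, per_ip = [], Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        if not parts.path.endswith(ENDPOINT_SUFFIX):
            continue
        # parse_qs percent-decodes, so "1%27%20AND" becomes "1' AND".
        values = parse_qs(parts.query, keep_blank_values=True).get("qsoresults", [])
        for value in values:
            indicators = classify_value(value)
            # A known scanner UA is flagged even when the value looks benign.
            if SCANNER_UA.search(m["ua"]):
                indicators.append("scanner-ua")
            if indicators:
                hits.append({"ip": m["ip"], "ts": m["ts"], "param": value,
                             "indicators": indicators})
                per_ip[m["ip"]] += 1
    return {"hits": hits, "per_ip": per_ip}


def noisy_clients(result: dict, threshold: int = 3) -> list:
    """Clients with at least `threshold` flagged requests: the 'multiple
    similar requests with varying qsoresults' indicator."""
    return sorted(ip for ip, n in result["per_ip"].items() if n >= threshold)


if __name__ == "__main__":
    r = analyze(SAMPLE_LOG)
    for h in r["hits"]:
        print(f'{h["ts"]} {h["ip"]} {h["indicators"]} qsoresults={h["param"]!r}')
    print("repeat offenders:", noisy_clients(r))
```

On the sample, the two benign searches pass, the three crafted values are flagged (the last one also for its scanner user agent), and 203.0.113.10 crosses the burst threshold. Feed real access logs through `analyze()` and alert on `noisy_clients()` plus any hit carrying `quote-then-comment`, which has almost no legitimate cause.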
