Description
A remote code execution vulnerability exists in CryptoLog (PHP version, discontinued since 2009) due to a chained exploitation of SQL injection and command injection vulnerabilities. An unauthenticated attacker can gain shell access as the web server user by first exploiting a SQL injection flaw in login.php to bypass authentication, followed by command injection in logshares_ajax.php to execute arbitrary operating system commands.


The login bypass is achieved by submitting crafted SQL via the user POST parameter. Once authenticated, the attacker can abuse the lsid POST parameter in the logshares_ajax.php endpoint to inject and execute a command using $(...) syntax, resulting in code execution under the web context.


This exploitation path does not exist in the ASP.NET version of CryptoLog released since 2009.
Published: 2025-07-10
Score: 9.3 Critical
EPSS: 60.0% High
KEV: No
Impact: Remote code execution via unauthenticated SQL injection and command injection
Action: Immediate Fix
AI Analysis

Impact

A PHP-based instance of CryptoLog is vulnerable to an unauthenticated remote code execution (RCE) attack that chains two separate weaknesses. An attacker can inject a malicious SQL statement into the user field of login.php, bypassing authentication and achieving session establishment. With this foothold, the attacker targets the lsid parameter of logshares_ajax.php, exploiting a command injection vulnerability that allows the execution of arbitrary operating system commands using the $(...) syntax. The result is that the attacker obtains a shell running as the web server user, compromising confidentiality, integrity, and availability of the affected system. The weakness is driven by input validation failures (CWE‑20), lack of authentication (CWE‑306), dangerous command execution (CWE‑78), and SQL injection (CWE‑89).

Affected Systems

Crypttech CryptoLog (PHP version, discontinued since 2009) is affected, specifically the login.php and logshares_ajax.php endpoints. No specific version numbers are listed beyond the general PHP edition of CryptoLog.

Risk and Exploitability

The CVSS score of 9.3 reflects the high severity of the vulnerability, and the EPSS score of 60% indicates that exploitation is fairly likely in the wild. Although the vulnerability is not currently listed in the CISA KEV catalog, its high likelihood of exploitation and the ability for attackers to gain server-level access present a significant risk. The attack vector is web-based and requires no authentication, making it attractive to automated exploit tools.

Generated by OpenCVE AI on April 28, 2026 at 01:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any available vendor patch or upgrade CryptoLog to a newer version that removes the login.php and logshares_ajax.php vulnerabilities; if the software is no longer maintained, consider replacing it with a supported solution.
  • Disable or remove the login.php and logshares_ajax.php files from the deployed instance if the application no longer requires them; this eliminates the specific attack surface.
  • Implement an application‑layer firewall or web application firewall to block SQL injection patterns and command injection attempts targeting the remaining endpoints, and enforce strict input validation to mitigate similar weaknesses in the future.

Generated by OpenCVE AI on April 28, 2026 at 01:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-21029 A remote code execution vulnerability exists in CryptoLog (PHP version, discontinued since 2009) due to a chained exploitation of SQL injection and command injection vulnerabilities. An unauthenticated attacker can gain shell access as the web server user by first exploiting a SQL injection flaw in login.php to bypass authentication, followed by command injection in logshares_ajax.php to execute arbitrary operating system commands. The login bypass is achieved by submitting crafted SQL via the user POST parameter. Once authenticated, the attacker can abuse the lsid POST parameter in the logshares_ajax.php endpoint to inject and execute a command using $(...) syntax, resulting in code execution under the web context. This exploitation path does not exist in the ASP.NET version of CryptoLog released since 2009.
History

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00691}

 epss

{'score': 0.0079}

Fri, 11 Jul 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 11 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00691}

Fri, 11 Jul 2025 13:30:00 +0000

Type Values Removed Values Added
Metrics epss

{}

Thu, 10 Jul 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 10 Jul 2025 19:30:00 +0000

Type Values Removed Values Added
Description A remote code execution vulnerability exists in CryptoLog (PHP version, discontinued since 2009) due to a chained exploitation of SQL injection and command injection vulnerabilities. An unauthenticated attacker can gain shell access as the web server user by first exploiting a SQL injection flaw in login.php to bypass authentication, followed by command injection in logshares_ajax.php to execute arbitrary operating system commands. The login bypass is achieved by submitting crafted SQL via the user POST parameter. Once authenticated, the attacker can abuse the lsid POST parameter in the logshares_ajax.php endpoint to inject and execute a command using $(...) syntax, resulting in code execution under the web context. This exploitation path does not exist in the ASP.NET version of CryptoLog released since 2009.
Title CryptoLog Unauthenticated RCE via SQL Injection and Command Injection
Weaknesses CWE-20
CWE-306
CWE-78
CWE-89
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-07T14:09:31.908Z

Reserved: 2025-04-15T19:15:22.556Z

Link: CVE-2025-34102

cve-icon Vulnrichment

Updated: 2025-07-10T20:28:46.248Z

cve-icon NVD

Status : Deferred

Published: 2025-07-10T20:15:26.030

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-34102

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T01:15:15Z

Weaknesses