{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-34102", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2025-04-15T19:15:22.556Z", "datePublished": "2025-07-10T19:16:01.206Z", "dateUpdated": "2025-07-11T13:18:34.823Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["cryptolog/login.php", "cryptolog/logshares_ajax.php"], "platforms": ["Linux"], "product": "CryptoLog", "vendor": "Crypttech", "versions": [{"lessThan": "ASP.NET rewrite (2009)", "status": "affected", "version": "unspecified PHP versions", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Mehmet Ince"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>A remote code execution vulnerability exists in CryptoLog (PHP version, discontinued since 2009) due to a chained exploitation of SQL injection and command injection vulnerabilities. An unauthenticated attacker can gain shell access as the web server user by first exploiting a SQL injection flaw in <code>login.php</code> to bypass authentication, followed by command injection in <code>logshares_ajax.php</code> to execute arbitrary operating system commands.</p>\n<p>The login bypass is achieved by submitting crafted SQL via the <code>user</code> POST parameter. Once authenticated, the attacker can abuse the <code>lsid</code> POST parameter in the <code>logshares_ajax.php</code> endpoint to inject and execute a command using <code>$(...)</code> syntax, resulting in code execution under the web context.</p>\n<p>This exploitation path does not exist in the ASP.NET version of CryptoLog released since 2009.</p>"}], "value": "A remote code execution vulnerability exists in CryptoLog (PHP version, discontinued since 2009) due to a chained exploitation of SQL injection and command injection vulnerabilities. An unauthenticated attacker can gain shell access as the web server user by first exploiting a SQL injection flaw in login.php to bypass authentication, followed by command injection in logshares_ajax.php to execute arbitrary operating system commands.\n\n\nThe login bypass is achieved by submitting crafted SQL via the user POST parameter. Once authenticated, the attacker can abuse the lsid POST parameter in the logshares_ajax.php endpoint to inject and execute a command using $(...) syntax, resulting in code execution under the web context.\n\n\nThis exploitation path does not exist in the ASP.NET version of CryptoLog released since 2009."}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}, {"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}, {"capecId": "CAPEC-137", "descriptions": [{"lang": "en", "value": "CAPEC-137 Parameter Injection"}]}, {"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-07-10T19:16:01.206Z"}, "references": [{"tags": ["third-party-advisory", "exploit", "technical-description"], "url": "https://pentest.blog/advisory-cryptolog-unauthenticated-remote-code-execution/"}, {"tags": ["exploit"], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/crypttech_cryptolog_login_exec.rb"}, {"tags": ["third-party-advisory"], "url": "https://vulncheck/advisories/cryptolog-unauthenticated-rce"}, {"tags": ["exploit"], "url": "https://www.exploit-db.com/exploits/41980"}], "source": {"discovery": "UNKNOWN"}, "tags": ["unsupported-when-assigned"], "title": "CryptoLog Unauthenticated RCE via SQL Injection and Command Injection", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-11T13:18:19.081747Z", "id": "CVE-2025-34102", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-11T13:18:34.823Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-34102", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-11T13:18:19.081747Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-10T20:28:46.248Z"}}], "cna": {"tags": ["unsupported-when-assigned"], "title": "CryptoLog Unauthenticated RCE via SQL Injection and Command Injection", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Mehmet Ince"}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}, {"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}, {"capecId": "CAPEC-137", "descriptions": [{"lang": "en", "value": "CAPEC-137 Parameter Injection"}]}, {"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Crypttech", "modules": ["cryptolog/login.php", "cryptolog/logshares_ajax.php"], "product": "CryptoLog", "versions": [{"status": "affected", "version": "unspecified PHP versions", "lessThan": "ASP.NET rewrite (2009)", "versionType": "custom"}], "platforms": ["Linux"], "defaultStatus": "unaffected"}], "references": [{"url": "https://pentest.blog/advisory-cryptolog-unauthenticated-remote-code-execution/", "tags": ["third-party-advisory", "exploit", "technical-description"]}, {"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/crypttech_cryptolog_login_exec.rb", "tags": ["exploit"]}, {"url": "https://vulncheck/advisories/cryptolog-unauthenticated-rce", "tags": ["third-party-advisory"]}, {"url": "https://www.exploit-db.com/exploits/41980", "tags": ["exploit"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A remote code execution vulnerability exists in CryptoLog (PHP version, discontinued since 2009) due to a chained exploitation of SQL injection and command injection vulnerabilities. An unauthenticated attacker can gain shell access as the web server user by first exploiting a SQL injection flaw in login.php to bypass authentication, followed by command injection in logshares_ajax.php to execute arbitrary operating system commands.\n\n\nThe login bypass is achieved by submitting crafted SQL via the user POST parameter. Once authenticated, the attacker can abuse the lsid POST parameter in the logshares_ajax.php endpoint to inject and execute a command using $(...) syntax, resulting in code execution under the web context.\n\n\nThis exploitation path does not exist in the ASP.NET version of CryptoLog released since 2009.", "supportingMedia": [{"type": "text/html", "value": "<p>A remote code execution vulnerability exists in CryptoLog (PHP version, discontinued since 2009) due to a chained exploitation of SQL injection and command injection vulnerabilities. An unauthenticated attacker can gain shell access as the web server user by first exploiting a SQL injection flaw in <code>login.php</code> to bypass authentication, followed by command injection in <code>logshares_ajax.php</code> to execute arbitrary operating system commands.</p>\n<p>The login bypass is achieved by submitting crafted SQL via the <code>user</code> POST parameter. Once authenticated, the attacker can abuse the <code>lsid</code> POST parameter in the <code>logshares_ajax.php</code> endpoint to inject and execute a command using <code>$(...)</code> syntax, resulting in code execution under the web context.</p>\n<p>This exploitation path does not exist in the ASP.NET version of CryptoLog released since 2009.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-07-10T19:16:01.206Z"}}}, "cveMetadata": {"cveId": "CVE-2025-34102", "state": "PUBLISHED", "dateUpdated": "2025-07-11T13:18:34.823Z", "dateReserved": "2025-04-15T19:15:22.556Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2025-07-10T19:16:01.206Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.1"}

{"cveTags": [{"sourceIdentifier": "[email protected]", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "A remote code execution vulnerability exists in CryptoLog (PHP version, discontinued since 2009) due to a chained exploitation of SQL injection and command injection vulnerabilities. An unauthenticated attacker can gain shell access as the web server user by first exploiting a SQL injection flaw in login.php to bypass authentication, followed by command injection in logshares_ajax.php to execute arbitrary operating system commands.\n\n\nThe login bypass is achieved by submitting crafted SQL via the user POST parameter. Once authenticated, the attacker can abuse the lsid POST parameter in the logshares_ajax.php endpoint to inject and execute a command using $(...) syntax, resulting in code execution under the web context.\n\n\nThis exploitation path does not exist in the ASP.NET version of CryptoLog released since 2009."}, {"lang": "es", "value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en CryptoLog (versi\u00f3n PHP, descontinuada desde 2009) debido a la explotaci\u00f3n encadenada de vulnerabilidades de inyecci\u00f3n SQL e inyecci\u00f3n de comandos. Un atacante no autenticado puede obtener acceso al shell como usuario del servidor web explotando primero una falla de inyecci\u00f3n SQL en login.php para eludir la autenticaci\u00f3n, y luego inyectando comandos en logshares_ajax.php para ejecutar comandos arbitrarios del sistema operativo. La omisi\u00f3n del inicio de sesi\u00f3n se logra enviando SQL manipulado mediante el par\u00e1metro POST del usuario. Una vez autenticado, el atacante puede abusar del par\u00e1metro POST lsid en el endpoint logshares_ajax.php para inyectar y ejecutar un comando con la sintaxis $(...), lo que resulta en la ejecuci\u00f3n de c\u00f3digo en el contexto web. Esta forma de explotaci\u00f3n no existe en la versi\u00f3n ASP.NET de CryptoLog publicada desde 2009."}], "id": "CVE-2025-34102", "lastModified": "2025-07-15T13:14:49.980", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-07-10T20:15:26.030", "references": [{"source": "[email protected]", "url": "https://pentest.blog/advisory-cryptolog-unauthenticated-remote-code-execution/"}, {"source": "[email protected]", "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/crypttech_cryptolog_login_exec.rb"}, {"source": "[email protected]", "url": "https://vulncheck/advisories/cryptolog-unauthenticated-rce"}, {"source": "[email protected]", "url": "https://www.exploit-db.com/exploits/41980"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-78"}, {"lang": "en", "value": "CWE-89"}, {"lang": "en", "value": "CWE-306"}], "source": "[email protected]", "type": "Secondary"}]}

{}