CVE-2025-34102
Severity CVSS v4.0:
CRITICAL
Type:
CWE-20
Input Validation
Publication date:
10/07/2025
Last modified:
10/07/2025
Description
A remote code execution vulnerability exists in CryptoLog (PHP version, discontinued since 2009) due to a chained exploitation of SQL injection and command injection vulnerabilities. An unauthenticated attacker can gain shell access as the web server user by first exploiting a SQL injection flaw in login.php to bypass authentication, followed by command injection in logshares_ajax.php to execute arbitrary operating system commands.<br />
<br />
<br />
The login bypass is achieved by submitting crafted SQL via the user POST parameter. Once authenticated, the attacker can abuse the lsid POST parameter in the logshares_ajax.php endpoint to inject and execute a command using $(...) syntax, resulting in code execution under the web context.<br />
<br />
<br />
This exploitation path does not exist in the ASP.NET version of CryptoLog released since 2009.
Impact
Base Score 4.0
9.30
Severity 4.0
CRITICAL
References to Advisories, Solutions, and Tools
- https://pentest.blog/advisory-cryptolog-unauthenticated-remote-code-execution/
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/crypttech_cryptolog_login_exec.rb
- https://vulncheck/advisories/cryptolog-unauthenticated-rce
- https://www.exploit-db.com/exploits/41980