{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-22T18:38:27.196","vulnerabilities":[{"cve":{"id":"CVE-2025-34102","sourceIdentifier":"disclosure@vulncheck.com","published":"2025-07-10T20:15:26.030","lastModified":"2026-06-17T09:13:28.150","vulnStatus":"Deferred","cveTags":[{"sourceIdentifier":"disclosure@vulncheck.com","tags":["unsupported-when-assigned"]}],"descriptions":[{"lang":"en","value":"A remote code execution vulnerability exists in CryptoLog (PHP version, discontinued since 2009) due to a chained exploitation of SQL injection and command injection vulnerabilities. An unauthenticated attacker can gain shell access as the web server user by first exploiting a SQL injection flaw in login.php to bypass authentication, followed by command injection in logshares_ajax.php to execute arbitrary operating system commands.\n\n\nThe login bypass is achieved by submitting crafted SQL via the user POST parameter. Once authenticated, the attacker can abuse the lsid POST parameter in the logshares_ajax.php endpoint to inject and execute a command using $(...) syntax, resulting in code execution under the web context.\n\n\nThis exploitation path does not exist in the ASP.NET version of CryptoLog released since 2009."},{"lang":"es","value":"Existe una vulnerabilidad de ejecución remota de código en CryptoLog (versión PHP, descontinuada desde 2009) debido a la explotación encadenada de vulnerabilidades de inyección SQL e inyección de comandos. Un atacante no autenticado puede obtener acceso al shell como usuario del servidor web explotando primero una falla de inyección SQL en login.php para eludir la autenticación, y luego inyectando comandos en logshares_ajax.php para ejecutar comandos arbitrarios del sistema operativo. La omisión del inicio de sesión se logra enviando SQL manipulado mediante el parámetro POST del usuario. Una vez autenticado, el atacante puede abusar del parámetro POST lsid en el endpoint logshares_ajax.php para inyectar y ejecutar un comando con la sintaxis $(...), lo que resulta en la ejecución de código en el contexto web. Esta forma de explotación no existe en la versión ASP.NET de CryptoLog publicada desde 2009."}],"affected":[{"source":"disclosure@vulncheck.com","affectedData":[{"vendor":"Crypttech","product":"CryptoLog","defaultStatus":"unaffected","modules":["cryptolog/login.php","cryptolog/logshares_ajax.php"],"platforms":["Linux"],"versions":[{"version":"unspecified PHP versions","lessThan":"ASP.NET rewrite (2009)","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"disclosure@vulncheck.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-07-11T13:18:19.081747Z","id":"CVE-2025-34102","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"disclosure@vulncheck.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-78"},{"lang":"en","value":"CWE-89"},{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://pentest.blog/advisory-cryptolog-unauthenticated-remote-code-execution/","source":"disclosure@vulncheck.com"},{"url":"https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/crypttech_cryptolog_login_exec.rb","source":"disclosure@vulncheck.com"},{"url":"https://vulncheck/advisories/cryptolog-unauthenticated-rce","source":"disclosure@vulncheck.com"},{"url":"https://www.exploit-db.com/exploits/41980","source":"disclosure@vulncheck.com"}]}}]}