CVE-2025-34102

UNKNOWN 0.0

CryptoLog Unauthenticated RCE via SQL Injection and Command Injection

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

A remote code execution vulnerability exists in CryptoLog (PHP version, discontinued since 2009) due to a chained exploitation of SQL injection and command injection vulnerabilities. An unauthenticated attacker can gain shell access as the web server user by first exploiting a SQL injection flaw in login.php to bypass authentication, followed by command injection in logshares_ajax.php to execute arbitrary operating system commands. The login bypass is achieved by submitting crafted SQL via the user POST parameter. Once authenticated, the attacker can abuse the lsid POST parameter in the logshares_ajax.php endpoint to inject and execute a command using $(...) syntax, resulting in code execution under the web context. This exploitation path does not exist in the ASP.NET version of CryptoLog released since 2009.

CWE	CWE-89 CWE-78 CWE-306 CWE-20
Vendor	crypttech
Product	cryptolog
Published	Jul 10, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for crypttech cryptolog

Be the first to know when new unknown vulnerabilities affecting crypttech cryptolog are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Crypttech / CryptoLog

unspecified PHP versions < ASP.NET rewrite (2009)

References

NVD ↗ CVE.org ↗ EPSS Data ↗

pentest.blog: https://pentest.blog/advisory-cryptolog-unauthenticated-remote-code-execution/ raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/crypttech_cryptolog_login_exec.rb vulncheck: https://vulncheck/advisories/cryptolog-unauthenticated-rce exploit-db.com: https://www.exploit-db.com/exploits/41980

Credits

Mehmet Ince