Critical severity9.8NVD Advisory· Published Jun 18, 2025· Updated Jun 17, 2026
CVE-2025-26198
CVE-2025-26198
Description
CloudClassroom-PHP-Project v1.0 contains a critical SQL Injection vulnerability in the loginlinkadmin.php component. The application fails to sanitize user-supplied input in the admin login form before directly including it in SQL queries. This allows unauthenticated attackers to inject arbitrary SQL payloads and bypass authentication, gaining unauthorized administrative access. The vulnerability is triggered when an attacker supplies specially crafted input in the username field, such as ' OR '1'='1, leading to complete compromise of the login mechanism and potential exposure of sensitive backend data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- CloudClassroom-PHP-Project/CloudClassroom-PHP-Projectdescription
- Range: = 1.0
Patches
Vulnerability mechanics
References
1- gist.github.com/tansique-17/0776791b8edd4931216be452a6971f5envdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.