CloudClassroom-PHP
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-45542 | 0.03 | — | 0.01 | Jun 2, 2025 | SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass parameter is vulnerable due to improper input validation, allowing attackers to inject SQL queries. | |||
| CVE-2025-44608 | 0.00 | — | 0.00 | Jul 25, 2025 | CloudClassroom-PHP Project v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter. | |||
| CVE-2025-46179 | 0.00 | — | 0.00 | Jun 20, 2025 | A SQL Injection vulnerability was discovered in the askquery.php file of CloudClassroom-PHP Project v1.0. The squeryx parameter accepts unsanitized input, which is passed directly into backend SQL queries. | |||
| CVE-2025-26199 | 0.00 | — | 0.03 | Jun 18, 2025 | CloudClassroom-PHP-Project v1.0 is affected by an insecure credential transmission vulnerability. The application transmits passwords over unencrypted HTTP during the login process, exposing sensitive credentials to potential interception by network-based attackers. A remote attacker with access to the same network (e.g., public Wi-Fi or compromised router) can capture login credentials via Man-in-the-Middle (MitM) techniques. If the attacker subsequently uses the credentials to log in and exploit administrative functions (e.g., file upload), this may lead to remote code execution depending on the environment. | |||
| CVE-2025-26198 | 0.00 | — | 0.01 | Jun 18, 2025 | CloudClassroom-PHP-Project v1.0 contains a critical SQL Injection vulnerability in the loginlinkadmin.php component. The application fails to sanitize user-supplied input in the admin login form before directly including it in SQL queries. This allows unauthenticated attackers to inject arbitrary SQL payloads and bypass authentication, gaining unauthorized administrative access. The vulnerability is triggered when an attacker supplies specially crafted input in the username field, such as ' OR '1'='1, leading to complete compromise of the login mechanism and potential exposure of sensitive backend data. | |||
| CVE-2024-57459 | 0.00 | — | 0.00 | Jun 2, 2025 | A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject arbitrary SQL commands. |
- CVE-2025-45542Jun 2, 2025risk 0.03cvss —epss 0.01
SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass parameter is vulnerable due to improper input validation, allowing attackers to inject SQL queries.
- CVE-2025-44608Jul 25, 2025risk 0.00cvss —epss 0.00
CloudClassroom-PHP Project v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter.
- CVE-2025-46179Jun 20, 2025risk 0.00cvss —epss 0.00
A SQL Injection vulnerability was discovered in the askquery.php file of CloudClassroom-PHP Project v1.0. The squeryx parameter accepts unsanitized input, which is passed directly into backend SQL queries.
- CVE-2025-26199Jun 18, 2025risk 0.00cvss —epss 0.03
CloudClassroom-PHP-Project v1.0 is affected by an insecure credential transmission vulnerability. The application transmits passwords over unencrypted HTTP during the login process, exposing sensitive credentials to potential interception by network-based attackers. A remote attacker with access to the same network (e.g., public Wi-Fi or compromised router) can capture login credentials via Man-in-the-Middle (MitM) techniques. If the attacker subsequently uses the credentials to log in and exploit administrative functions (e.g., file upload), this may lead to remote code execution depending on the environment.
- CVE-2025-26198Jun 18, 2025risk 0.00cvss —epss 0.01
CloudClassroom-PHP-Project v1.0 contains a critical SQL Injection vulnerability in the loginlinkadmin.php component. The application fails to sanitize user-supplied input in the admin login form before directly including it in SQL queries. This allows unauthenticated attackers to inject arbitrary SQL payloads and bypass authentication, gaining unauthorized administrative access. The vulnerability is triggered when an attacker supplies specially crafted input in the username field, such as ' OR '1'='1, leading to complete compromise of the login mechanism and potential exposure of sensitive backend data.
- CVE-2024-57459Jun 2, 2025risk 0.00cvss —epss 0.00
A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject arbitrary SQL commands.