Vishalmathur Cloudclassroom-Php Project vulnerabilities
8 known vulnerabilities affecting vishalmathur/cloudclassroom-php_project.
Total CVEs
8
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH2MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2025-45542P3HIGHCVSS 7.3PoCv1.02025-06-02
CVE-2025-45542 [HIGH] CWE-89 CVE-2025-45542: SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The
SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass parameter is vulnerable due to improper input validation, allowing attackers to inject SQL queries.
nvd
CVE-2025-26199P2CRITICALCVSS 9.8v1.02025-06-18
CVE-2025-26199 [CRITICAL] CWE-319 CVE-2025-26199: CloudClassroom-PHP-Project v1.0 is affected by an insecure credential transmission vulnerability. Th
CloudClassroom-PHP-Project v1.0 is affected by an insecure credential transmission vulnerability. The application transmits passwords over unencrypted HTTP during the login process, exposing sensitive credentials to potential interception by network-based attackers. A remote attacker with access to the same network (e.g., public Wi-Fi or compromis
nvd
CVE-2025-26198P3CRITICALCVSS 9.8v1.02025-06-18
CVE-2025-26198 [CRITICAL] CWE-89 CVE-2025-26198: CloudClassroom-PHP-Project v1.0 contains a critical SQL Injection vulnerability in the loginlinkadmi
CloudClassroom-PHP-Project v1.0 contains a critical SQL Injection vulnerability in the loginlinkadmin.php component. The application fails to sanitize user-supplied input in the admin login form before directly including it in SQL queries. This allows unauthenticated attackers to inject arbitrary SQL payloads and bypass authentication, gaining unau
nvd
CVE-2025-46179P3CRITICALCVSS 9.8v1.02025-06-20
CVE-2025-46179 [CRITICAL] CWE-89 CVE-2025-46179: A SQL Injection vulnerability was discovered in the askquery.php file of CloudClassroom-PHP Project
A SQL Injection vulnerability was discovered in the askquery.php file of CloudClassroom-PHP Project v1.0. The squeryx parameter accepts unsanitized input, which is passed directly into backend SQL queries.
nvd
CVE-2024-57459P3HIGHCVSS 7.3v1.02025-06-02
CVE-2024-57459 [HIGH] CWE-89 CVE-2024-57459: A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Pr
A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject arbitrary SQL commands.
nvd
CVE-2025-44608P3MEDIUMCVSS 6.5v1.02025-07-25
CVE-2025-44608 [MEDIUM] CWE-89 CVE-2025-44608: CloudClassroom-PHP Project v1.0 was discovered to contain a SQL injection vulnerability via the view
CloudClassroom-PHP Project v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter.
nvd
CVE-2024-57423P4MEDIUMCVSS 6.1v1.02025-02-26
CVE-2024-57423 [MEDIUM] CWE-79 CVE-2024-57423: A Cross Site Scripting vulnerability in CloudClassroom-PHP Project v1.0 allows a remote attacker to
A Cross Site Scripting vulnerability in CloudClassroom-PHP Project v1.0 allows a remote attacker to execute arbitrary code via the exid parameter of the assessment function.
nvd
CVE-2025-46178P4MEDIUMCVSS 6.1v1.02025-06-09
CVE-2025-46178 [MEDIUM] CWE-79 CVE-2025-46178: Cross-Site Scripting (XSS) vulnerability exists in askquery.php via the eid parameter in the CloudCl
Cross-Site Scripting (XSS) vulnerability exists in askquery.php via the eid parameter in the CloudClassroom PHP Project. This allows remote attackers to inject arbitrary JavaScript in the context of a victim s browser session by sending a crafted URL, leading to session hijacking or defacement.
nvd