cbcvebase.

Vishalmathur Cloudclassroom-Php Project vulnerabilities

8 known vulnerabilities affecting vishalmathur/cloudclassroom-php_project.

Total CVEs
8
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH2MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2025-45542P3HIGHCVSS 7.3PoCv1.02025-06-02
CVE-2025-45542 [HIGH] CWE-89 CVE-2025-45542: SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass parameter is vulnerable due to improper input validation, allowing attackers to inject SQL queries.
nvd
CVE-2025-26199P2CRITICALCVSS 9.8v1.02025-06-18
CVE-2025-26199 [CRITICAL] CWE-319 CVE-2025-26199: CloudClassroom-PHP-Project v1.0 is affected by an insecure credential transmission vulnerability. Th CloudClassroom-PHP-Project v1.0 is affected by an insecure credential transmission vulnerability. The application transmits passwords over unencrypted HTTP during the login process, exposing sensitive credentials to potential interception by network-based attackers. A remote attacker with access to the same network (e.g., public Wi-Fi or compromis
nvd
CVE-2025-26198P3CRITICALCVSS 9.8v1.02025-06-18
CVE-2025-26198 [CRITICAL] CWE-89 CVE-2025-26198: CloudClassroom-PHP-Project v1.0 contains a critical SQL Injection vulnerability in the loginlinkadmi CloudClassroom-PHP-Project v1.0 contains a critical SQL Injection vulnerability in the loginlinkadmin.php component. The application fails to sanitize user-supplied input in the admin login form before directly including it in SQL queries. This allows unauthenticated attackers to inject arbitrary SQL payloads and bypass authentication, gaining unau
nvd
CVE-2025-46179P3CRITICALCVSS 9.8v1.02025-06-20
CVE-2025-46179 [CRITICAL] CWE-89 CVE-2025-46179: A SQL Injection vulnerability was discovered in the askquery.php file of CloudClassroom-PHP Project A SQL Injection vulnerability was discovered in the askquery.php file of CloudClassroom-PHP Project v1.0. The squeryx parameter accepts unsanitized input, which is passed directly into backend SQL queries.
nvd
CVE-2024-57459P3HIGHCVSS 7.3v1.02025-06-02
CVE-2024-57459 [HIGH] CWE-89 CVE-2024-57459: A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Pr A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject arbitrary SQL commands.
nvd
CVE-2025-44608P3MEDIUMCVSS 6.5v1.02025-07-25
CVE-2025-44608 [MEDIUM] CWE-89 CVE-2025-44608: CloudClassroom-PHP Project v1.0 was discovered to contain a SQL injection vulnerability via the view CloudClassroom-PHP Project v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter.
nvd
CVE-2024-57423P4MEDIUMCVSS 6.1v1.02025-02-26
CVE-2024-57423 [MEDIUM] CWE-79 CVE-2024-57423: A Cross Site Scripting vulnerability in CloudClassroom-PHP Project v1.0 allows a remote attacker to A Cross Site Scripting vulnerability in CloudClassroom-PHP Project v1.0 allows a remote attacker to execute arbitrary code via the exid parameter of the assessment function.
nvd
CVE-2025-46178P4MEDIUMCVSS 6.1v1.02025-06-09
CVE-2025-46178 [MEDIUM] CWE-79 CVE-2025-46178: Cross-Site Scripting (XSS) vulnerability exists in askquery.php via the eid parameter in the CloudCl Cross-Site Scripting (XSS) vulnerability exists in askquery.php via the eid parameter in the CloudClassroom PHP Project. This allows remote attackers to inject arbitrary JavaScript in the context of a victim s browser session by sending a crafted URL, leading to session hijacking or defacement.
nvd
Vishalmathur Cloudclassroom-Php Project vulnerabilities | cvebase