Vishalmathur

Cloudclassroom-php Project

8 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2025-44608

Exploit
  • EPSS 0.05%
  • Veröffentlicht 25.07.2025 15:15:29
  • Zuletzt bearbeitet 07.08.2025 01:11:37

CloudClassroom-PHP Project v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter.

9.8

CVE-2025-46179

Exploit
  • EPSS 0.05%
  • Veröffentlicht 20.06.2025 00:00:00
  • Zuletzt bearbeitet 26.06.2025 14:48:11

A SQL Injection vulnerability was discovered in the askquery.php file of CloudClassroom-PHP Project v1.0. The squeryx parameter accepts unsanitized input, which is passed directly into backend SQL queries.

9.8

CVE-2025-26198

Exploit
  • EPSS 0.44%
  • Veröffentlicht 18.06.2025 00:00:00
  • Zuletzt bearbeitet 09.07.2025 18:31:21

CloudClassroom-PHP-Project v1.0 contains a critical SQL Injection vulnerability in the loginlinkadmin.php component. The application fails to sanitize user-supplied input in the admin login form before directly including it in SQL queries. This allow...

9.8

CVE-2025-26199

Exploit
  • EPSS 0.5%
  • Veröffentlicht 18.06.2025 00:00:00
  • Zuletzt bearbeitet 09.07.2025 18:25:05

CloudClassroom-PHP-Project v1.0 is affected by an insecure credential transmission vulnerability. The application transmits passwords over unencrypted HTTP during the login process, exposing sensitive credentials to potential interception by network-...

6.1

CVE-2025-46178

  • EPSS 0.03%
  • Veröffentlicht 09.06.2025 00:00:00
  • Zuletzt bearbeitet 02.07.2025 17:50:32

Cross-Site Scripting (XSS) vulnerability exists in askquery.php via the eid parameter in the CloudClassroom PHP Project. This allows remote attackers to inject arbitrary JavaScript in the context of a victim s browser session by sending a crafted URL...

7.3

CVE-2025-45542

Exploit
  • EPSS 0.22%
  • Veröffentlicht 02.06.2025 00:00:00
  • Zuletzt bearbeitet 13.06.2025 17:45:40

SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass parameter is vulnerable due to improper input validation, allowing attackers to inject SQL queries.

7.3

CVE-2024-57459

  • EPSS 0.03%
  • Veröffentlicht 02.06.2025 00:00:00
  • Zuletzt bearbeitet 13.06.2025 16:29:02

A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject arbitrary SQL commands.

6.1

CVE-2024-57423

Exploit
  • EPSS 0.14%
  • Veröffentlicht 26.02.2025 21:15:18
  • Zuletzt bearbeitet 07.04.2025 18:45:18

A Cross Site Scripting vulnerability in CloudClassroom-PHP Project v1.0 allows a remote attacker to execute arbitrary code via the exid parameter of the assessment function.