Lucene search
K

94 matches found

Vulnrichment
Vulnrichment
added 2025/06/18 12:0 a.m.4 views

CVE-2025-26198

CloudClassroom-PHP-Project v1.0 contains a critical SQL Injection vulnerability in the loginlinkadmin.php component. The application fails to sanitize user-supplied input in the admin login form before directly including it in SQL queries. This allows unauthenticated attackers to inject arbitrary...

9.8AI score0.00572EPSS
Exploits4References2
CVE
CVE
added 2025/06/18 12:0 a.m.26 views

CVE-2025-26198

CVE-2025-26198 — CloudClassroom-PHP-Project v1.0 suffers a critical SQL Injection in the admin login path (loginlinkadmin.php) where unsanitized input is used directly in SQL queries. This enables unauthenticated users to bypass authentication and gain full admin access, potentially exposing or m...

9.8CVSS9.8AI score0.00572EPSS
Exploits4References2Affected Software1
Cvelist
Cvelist
added 2025/06/18 12:0 a.m.12 views

CVE-2025-26198

CloudClassroom-PHP-Project v1.0 contains a critical SQL Injection vulnerability in the loginlinkadmin.php component. The application fails to sanitize user-supplied input in the admin login form before directly including it in SQL queries. This allows unauthenticated attackers to inject arbitrary...

0.00572EPSS
Exploits4References2
RedhatCVE
RedhatCVE
added 2025/06/11 12:6 a.m.8 views

CVE-2025-46178

Cross-Site Scripting XSS vulnerability exists in askquery.php via the eid parameter in the CloudClassroom PHP Project. This allows remote attackers to inject arbitrary JavaScript in the context of a victim s browser session by sending a crafted URL, leading to session hijacking or defacement...

6.1CVSS5.9AI score0.00334EPSS
Exploits0References1
NVD
NVD
added 2025/06/09 4:15 p.m.8 views

CVE-2025-46178

Cross-Site Scripting XSS vulnerability exists in askquery.php via the eid parameter in the CloudClassroom PHP Project. This allows remote attackers to inject arbitrary JavaScript in the context of a victim s browser session by sending a crafted URL, leading to session hijacking or defacement...

6.1CVSS0.00334EPSS
Exploits0References1
OSV
OSV
added 2025/06/09 4:15 p.m.6 views

CVE-2025-46178

Cross-Site Scripting XSS vulnerability exists in askquery.php via the eid parameter in the CloudClassroom PHP Project. This allows remote attackers to inject arbitrary JavaScript in the context of a victim s browser session by sending a crafted URL, leading to session hijacking or defacement...

6.1CVSS5.9AI score0.00334EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/09 12:0 a.m.5 views

CVE-2025-46178

Cross-Site Scripting XSS vulnerability exists in askquery.php via the eid parameter in the CloudClassroom PHP Project. This allows remote attackers to inject arbitrary JavaScript in the context of a victim s browser session by sending a crafted URL, leading to session hijacking or defacement...

5.9AI score0.00334EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/09 12:0 a.m.4 views

CloudClassroom-PHP-Project 安全漏洞

CloudClassroom-PHP-Project is a cloud classroom website by the individual developer Vishal Mathur. CloudClassroom-PHP-Project has a security vulnerability that stems from the eid parameter in askquery.php being vulnerable to cross-site scripting attacks, which could lead to session hijacking or...

6.1CVSS6.1AI score0.00334EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/06/09 12:0 a.m.8 views

PT-2025-24501 · Unknown · Cloudclassroom-Php Project

Name of the Vulnerable Software and Affected Versions: CloudClassroom PHP Project affected versions not specified Description: A Cross-Site Scripting XSS issue exists in the CloudClassroom PHP Project, specifically in the askquery.php file, via the eid parameter. This allows remote attackers to...

6.1CVSS5.8AI score0.00334EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/06/09 12:0 a.m.15 views

CVE-2025-46178

Cross-Site Scripting XSS vulnerability exists in askquery.php via the eid parameter in the CloudClassroom PHP Project. This allows remote attackers to inject arbitrary JavaScript in the context of a victim s browser session by sending a crafted URL, leading to session hijacking or defacement...

0.00334EPSS
Exploits0References1
CVE
CVE
added 2025/06/09 12:0 a.m.51 views

CVE-2025-46178

The CVE-2025-46178 entry pertains to a Cross-Site Scripting (XSS) vulnerability in the CloudClassroom PHP Project, specifically in the askquery.php file via the eid parameter. The flaw allows remote attackers to inject arbitrary JavaScript in the context of a victim browser session, potentially l...

6.1CVSS6AI score0.00334EPSS
Exploits0References1Affected Software1
Exploit DB
Exploit DB
added 2025/06/05 12:0 a.m.342 views

CloudClassroom PHP Project 1.0 - SQL Injection

Exploit Title: CloudClassroom PHP Project 1.0 - SQL Injection Google Dork: inurl:CloudClassroom-PHP-Project-master Date: 2025-05-30 Exploit Author: Sanjay Singh Vendor Homepage: https://github.com/mathurvishal/CloudClassroom-PHP-Project Software Link:...

7.3CVSS7.4AI score0.00995EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2025/06/04 12:14 a.m.7 views

CVE-2025-45542

SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass parameter is vulnerable due to improper input validation, allowing attackers to inject SQL queries...

7.3CVSS7.9AI score0.00995EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/06/04 12:14 a.m.7 views

CVE-2024-57459

A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject arbitrary SQL commands...

7.3CVSS7.9AI score0.00211EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2025/06/03 12:0 a.m.178 views

📄 CloudClassroom PHP Project 1.0 SQL Injection

CloudClassroom PHP Project version 1.0 suffers from a time-based blind remote SQL Injection vulnerability. Hello Full Disclosure list, I am sharing details of a newly assigned CVE affecting an open-source educational software project:...

7.3CVSS8.8AI score0.00995EPSS
Exploits3
NVD
NVD
added 2025/06/02 4:15 p.m.11 views

CVE-2025-45542

SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass parameter is vulnerable due to improper input validation, allowing attackers to inject SQL queries...

7.3CVSS0.00995EPSS
Exploits3References3
OSV
OSV
added 2025/06/02 4:15 p.m.3 views

CVE-2024-57459

A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject arbitrary SQL commands...

7.3CVSS5.9AI score0.00211EPSS
Exploits0References2
NVD
NVD
added 2025/06/02 4:15 p.m.20 views

CVE-2024-57459

A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject arbitrary SQL commands...

7.3CVSS0.00211EPSS
Exploits0References2
CVE
CVE
added 2025/06/02 12:0 a.m.61 views

CVE-2025-45542

CVE-2025-45542 affects CloudClassroom-PHP-Project v1.0, specifically the registrationform endpoint where the pass parameter is not properly validated, enabling a time-based blind SQL injection. Multiple connected sources corroborate that an unauthenticated remote attacker can manipulate backend S...

7.3CVSS7.9AI score0.00995EPSS
Exploits3References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/06/02 12:0 a.m.4 views

PT-2025-23532 · Unknown · Cloudclassroom-Php Project

Name of the Vulnerable Software and Affected Versions: CloudClassroom-PHP-Project version 1.0 Description: A SQL injection vulnerability exists in the registrationform endpoint of CloudClassroom-PHP-Project due to improper input validation, allowing attackers to inject SQL queries. The pass...

7.3CVSS7.7AI score0.00995EPSS
Exploits3References12
Rows per page
Query Builder