8 matches found
CVE-2025-45542
CVE-2025-45542 affects CloudClassroom-PHP-Project v1.0, specifically the registrationform endpoint where the pass parameter is not properly validated, enabling a time-based blind SQL injection. Multiple connected sources corroborate that an unauthenticated remote attacker can manipulate backend S...
CVE-2024-57423
CVE-2024-57423 describes a Cross Site Scripting vulnerability in CloudClassroom-PHP Project v1.0, where the exid parameter of the assessment function can be exploited to execute arbitrary code by a remote attacker. The NVD entry assigns CVSS‑3.1 metrics: AV:N, AC:L, PR:N, UI:R, S:C, C:L/I:L/A:N, ...
CVE-2024-57459
CVE-2024-57459 describes a time-based SQL injection in the CloudClassroom PHP Project 1.0, stemming from improper validation of the myds parameter in mydetailsstudent.php. This allows arbitrary SQL execution via the input, as detailed in multiple connected records. The vulnerability affects the m...
CVE-2025-46178
The CVE-2025-46178 entry pertains to a Cross-Site Scripting (XSS) vulnerability in the CloudClassroom PHP Project, specifically in the askquery.php file via the eid parameter. The flaw allows remote attackers to inject arbitrary JavaScript in the context of a victim browser session, potentially l...
CVE-2025-26198
CVE-2025-26198 — CloudClassroom-PHP-Project v1.0 suffers a critical SQL Injection in the admin login path (loginlinkadmin.php) where unsanitized input is used directly in SQL queries. This enables unauthenticated users to bypass authentication and gain full admin access, potentially exposing or m...
CVE-2025-26199
CloudClassroom-PHP-Project v1.0 is affected by insecure credential transmission: login credentials are sent over HTTP, enabling MitM exposure. A compromised session could allow an attacker to login and potentially trigger administrative actions (e.g., file uploads) leading to remote code executio...
CVE-2025-44608
CVE-2025-44608 affects CloudClassroom-PHP Project version 1.0, with a SQL injection vulnerability injectable via the viewid parameter. Root cause: unvalidated input in viewid leads to SQL injection. Practical impact stated in connected docs includes potential remote code execution (RCE) demonstra...
CVE-2025-46179
CloudClassroom-PHP Project v1.0 contains a SQL injection in askquery.php via the unsanitized squeryx parameter, which is passed directly into backend SQL queries. This vulnerability has a CVSSv3.1 base score of 9.8 (CRITICAL) with network attack vector, low attack complexity, no privileges, no us...