CVE-2026-2058
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
3Description
A flaw has been found in mathurvishal CloudClassroom-PHP-Project up to 5dadec098bfbbf3300d60c3494db3fb95b66e7be. This impacts an unknown function of the file /postquerypublic.php of the component Post Query Details Page. This manipulation of the argument gnamex causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way.
Analysis
SQL injection in CloudClassroom-PHP-Project's /postquerypublic.php endpoint allows unauthenticated remote attackers to manipulate the gnamex parameter and execute arbitrary database queries. Public exploit code is available for this vulnerability, and the vendor has not provided patches despite early disclosure notification. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Audit all instances of CloudClassroom-PHP-Project in your environment and document versions; restrict network access to /postquerypublic.php to authorized users only via firewall/WAF rules. Within 7 days: Implement input validation and output encoding controls on the affected component; consider disabling the Post Query Details feature if non-critical; enable enhanced logging and monitoring for suspicious activity on this endpoint. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today