Cloudclassroom Php Project
Monthly
SQL injection in CloudClassroom-PHP-Project's /postquerypublic.php endpoint allows unauthenticated remote attackers to manipulate the gnamex parameter and execute arbitrary database queries. Public exploit code is available for this vulnerability, and the vendor has not provided patches despite early disclosure notification. Affected systems using this PHP application up to commit 5dadec098bfbbf3300d60c3494db3fb95b66e7be are at immediate risk of data theft or manipulation.
CVE-2025-46179 is a critical SQL injection vulnerability in CloudClassroom-PHP Project v1.0's askquery.php file, where the 'squeryx' parameter is passed directly into SQL queries without sanitization. This affects all installations of CloudClassroom-PHP v1.0 and allows unauthenticated remote attackers to execute arbitrary SQL commands, potentially leading to complete database compromise including data exfiltration, modification, and denial of service. The vulnerability has a CVSS 9.8 score reflecting its network-based exploitability with no authentication or user interaction required; active exploitation status and POC availability are unknown from the provided data.
A remote code execution vulnerability in CloudClassroom-PHP-Project v1.0 (CVSS 9.8). Risk factors: public PoC available.
CloudClassroom-PHP-Project v1.0 contains a critical SQL injection vulnerability in the loginlinkadmin.php component that allows unauthenticated attackers to bypass authentication and gain unauthorized administrative access by injecting malicious SQL payloads into the username field. With a CVSS score of 9.8 and network-accessible attack vector requiring no privileges or user interaction, this vulnerability poses immediate and severe risk to all deployments. While specific KEV status and EPSS data were not provided in the intelligence sources, the combination of complete authentication bypass capability, high CVSS score, and trivial exploitation complexity suggests this is actively exploitable and likely to be targeted by opportunistic attackers.
Cross-Site Scripting (XSS) vulnerability exists in askquery.php via the eid parameter in the CloudClassroom PHP Project. This allows remote attackers to inject arbitrary JavaScript in the context of a victim s browser session by sending a crafted URL, leading to session hijacking or defacement.
SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0, where the 'pass' parameter fails to properly validate user input, allowing unauthenticated attackers to inject arbitrary SQL queries over the network. This vulnerability can lead to confidentiality, integrity, and availability compromise with a CVSS score of 7.3 (High), though active exploitation status and proof-of-concept availability could not be verified from the provided data.
Time-based SQL injection vulnerability in the mydetailsstudent.php file of CloudClassroom PHP Project version 1.0, where the 'myds' parameter fails to properly validate user input, allowing unauthenticated remote attackers to inject and execute arbitrary SQL commands. The vulnerability has a CVSS score of 7.3 (High), indicating potential for data theft, modification, and service disruption. No KEV status or active exploitation data is provided in the current intelligence; however, the network-accessible nature (CVSS:3.1/AV:N) and low attack complexity suggest this represents a significant real-world risk if the affected application is internet-facing.
A Cross Site Scripting vulnerability in CloudClassroom-PHP Project v1.0 allows a remote attacker to execute arbitrary code via the exid parameter of the assessment function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQL injection in CloudClassroom-PHP-Project's /postquerypublic.php endpoint allows unauthenticated remote attackers to manipulate the gnamex parameter and execute arbitrary database queries. Public exploit code is available for this vulnerability, and the vendor has not provided patches despite early disclosure notification. Affected systems using this PHP application up to commit 5dadec098bfbbf3300d60c3494db3fb95b66e7be are at immediate risk of data theft or manipulation.
CVE-2025-46179 is a critical SQL injection vulnerability in CloudClassroom-PHP Project v1.0's askquery.php file, where the 'squeryx' parameter is passed directly into SQL queries without sanitization. This affects all installations of CloudClassroom-PHP v1.0 and allows unauthenticated remote attackers to execute arbitrary SQL commands, potentially leading to complete database compromise including data exfiltration, modification, and denial of service. The vulnerability has a CVSS 9.8 score reflecting its network-based exploitability with no authentication or user interaction required; active exploitation status and POC availability are unknown from the provided data.
A remote code execution vulnerability in CloudClassroom-PHP-Project v1.0 (CVSS 9.8). Risk factors: public PoC available.
CloudClassroom-PHP-Project v1.0 contains a critical SQL injection vulnerability in the loginlinkadmin.php component that allows unauthenticated attackers to bypass authentication and gain unauthorized administrative access by injecting malicious SQL payloads into the username field. With a CVSS score of 9.8 and network-accessible attack vector requiring no privileges or user interaction, this vulnerability poses immediate and severe risk to all deployments. While specific KEV status and EPSS data were not provided in the intelligence sources, the combination of complete authentication bypass capability, high CVSS score, and trivial exploitation complexity suggests this is actively exploitable and likely to be targeted by opportunistic attackers.
Cross-Site Scripting (XSS) vulnerability exists in askquery.php via the eid parameter in the CloudClassroom PHP Project. This allows remote attackers to inject arbitrary JavaScript in the context of a victim s browser session by sending a crafted URL, leading to session hijacking or defacement.
SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0, where the 'pass' parameter fails to properly validate user input, allowing unauthenticated attackers to inject arbitrary SQL queries over the network. This vulnerability can lead to confidentiality, integrity, and availability compromise with a CVSS score of 7.3 (High), though active exploitation status and proof-of-concept availability could not be verified from the provided data.
Time-based SQL injection vulnerability in the mydetailsstudent.php file of CloudClassroom PHP Project version 1.0, where the 'myds' parameter fails to properly validate user input, allowing unauthenticated remote attackers to inject and execute arbitrary SQL commands. The vulnerability has a CVSS score of 7.3 (High), indicating potential for data theft, modification, and service disruption. No KEV status or active exploitation data is provided in the current intelligence; however, the network-accessible nature (CVSS:3.1/AV:N) and low attack complexity suggest this represents a significant real-world risk if the affected application is internet-facing.
A Cross Site Scripting vulnerability in CloudClassroom-PHP Project v1.0 allows a remote attacker to execute arbitrary code via the exid parameter of the assessment function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.