Cloudclassroom Php Project

cloudclassroom-php_project

Vendor: Vishalmathur • 9 CVEs

CVEs (9)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-2058 1Vishalmathur 1Cloudclassroom Php Project Apr 29, 2026 Feb 6, 2026 5.5 MEDIUM· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A flaw has been found in mathurvishal CloudClassroom-PHP-Project up to 5dadec098bfbbf3300d60c3494db3fb95b66e7be. This impacts an unknown function of the file /postquerypublic.php of the component Post Query Details Page....Show more A flaw has been found in mathurvishal CloudClassroom-PHP-Project up to 5dadec098bfbbf3300d60c3494db3fb95b66e7be. This impacts an unknown function of the file /postquerypublic.php of the component Post Query Details Page. This manipulation of the argument gnamex causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-44608 1Vishalmathur 1Cloudclassroom Php Project Aug 7, 2025 Jul 25, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 CloudClassroom-PHP Project v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter.
CVE-2025-46179 1Vishalmathur 1Cloudclassroom Php Project Jun 26, 2025 Jun 20, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A SQL Injection vulnerability was discovered in the askquery.php file of CloudClassroom-PHP Project v1.0. The squeryx parameter accepts unsanitized input, which is passed directly into backend SQL queries.
CVE-2025-26199 1Vishalmathur 1Cloudclassroom Php Project Jul 9, 2025 Jun 18, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 CloudClassroom-PHP-Project v1.0 is affected by an insecure credential transmission vulnerability. The application transmits passwords over unencrypted HTTP during the login process, exposing sensitive credentials to pote...Show more CloudClassroom-PHP-Project v1.0 is affected by an insecure credential transmission vulnerability. The application transmits passwords over unencrypted HTTP during the login process, exposing sensitive credentials to potential interception by network-based attackers. A remote attacker with access to the same network (e.g., public Wi-Fi or compromised router) can capture login credentials via Man-in-the-Middle (MitM) techniques. If the attacker subsequently uses the credentials to log in and exploit administrative functions (e.g., file upload), this may lead to remote code execution depending on the environment.Show less
CVE-2025-26198 1Vishalmathur 1Cloudclassroom Php Project Jul 9, 2025 Jun 18, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 CloudClassroom-PHP-Project v1.0 contains a critical SQL Injection vulnerability in the loginlinkadmin.php component. The application fails to sanitize user-supplied input in the admin login form before directly including...Show more CloudClassroom-PHP-Project v1.0 contains a critical SQL Injection vulnerability in the loginlinkadmin.php component. The application fails to sanitize user-supplied input in the admin login form before directly including it in SQL queries. This allows unauthenticated attackers to inject arbitrary SQL payloads and bypass authentication, gaining unauthorized administrative access. The vulnerability is triggered when an attacker supplies specially crafted input in the username field, such as ' OR '1'='1, leading to complete compromise of the login mechanism and potential exposure of sensitive backend data.Show less
CVE-2025-46178 1Vishalmathur 1Cloudclassroom Php Project Jul 2, 2025 Jun 9, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross-Site Scripting (XSS) vulnerability exists in askquery.php via the eid parameter in the CloudClassroom PHP Project. This allows remote attackers to inject arbitrary JavaScript in the context of a victim s browser se...Show more Cross-Site Scripting (XSS) vulnerability exists in askquery.php via the eid parameter in the CloudClassroom PHP Project. This allows remote attackers to inject arbitrary JavaScript in the context of a victim s browser session by sending a crafted URL, leading to session hijacking or defacement.Show less
CVE-2025-45542 1Vishalmathur 1Cloudclassroom Php Project Jun 13, 2025 Jun 2, 2025 N/A· v4 7.3 HIGH· v3 N/A· v2 SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass parameter is vulnerable due to improper input validation, allowing attackers to inject SQL queries.
CVE-2024-57459 1Vishalmathur 1Cloudclassroom Php Project Jun 13, 2025 Jun 2, 2025 N/A· v4 7.3 HIGH· v3 N/A· v2 A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject arbitrary SQL comman...Show more A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject arbitrary SQL commands.Show less
CVE-2024-57423 1Vishalmathur 1Cloudclassroom Php Project Apr 7, 2025 Feb 26, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 A Cross Site Scripting vulnerability in CloudClassroom-PHP Project v1.0 allows a remote attacker to execute arbitrary code via the exid parameter of the assessment function.