vishalmathur CVE Vulnerabilities and CVE List (14)

Products (CPE): — CVE count: 14

vishalmathur Vulnerability Overview

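This page aggregates CVE and security vulnerability information across all vishalmathur-related products and lists CVSS, EPSS, publication date, and vulnerability intelligence data.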

Published issues are most often related to SQL injection, cross-site scripting, and input validation, and in the context of production workloads they may carry exposure risks such as session compromise and unexpected behavior.

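The listed data is based on public vulnerability information and security advisories, and can be used to assess historical exposure and remediation priority.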

Vulnerability distribution trend (last 24 months)

| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-2058 | A flaw has been found in mathurvishal CloudClassroom-PHP-Project up to 5dadec098bfbbf3300d60c3494db3fb95b66e7be. This impacts an unknown function of the file /postquerypublic.php of the component Post Query Details Page. This manipulation of the argument gnamex causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affect | [email protected] | 5.5 | 0.03% | 2026-02-06 | 2026-04-29 |
| CVE-2025-52410 | Institute-of-Current-Students v1.0 contains a time-based blind SQL injection vulnerability in the mydetailsstudent.php endpoint. The `myds` GET parameter is not adequately sanitized before being used in SQL queries. | [email protected] | 9.8 | 0.03% | 2025-11-20 | 2025-12-12 |
| CVE-2025-55444 | A SQL injection vulnerability exists in the id2 parameter of the cancel_booking.php page in Online Artwork and Fine Arts MCA Project 1.0. A remote attacker can inject arbitrary SQL queries, leading to database enumeration and potential remote code execution. | [email protected] | 9.8 | 0.78% | 2025-08-20 | 2025-09-11 |
| CVE-2025-50866 | CloudClassroom-PHP-Project 1.0 contains a reflected Cross-site Scripting (XSS) vulnerability in the email parameter of the postquerypublic endpoint. Improper sanitization allows an attacker to inject arbitrary JavaScript code that executes in the context of the user's browser, potentially leading to session hijacking or phishing attacks. | [email protected] | 6.1 | 0.18% | 2025-07-31 | 2025-08-06 |
| CVE-2025-50867 | A SQL Injection vulnerability exists in the takeassessment2.php endpoint of the CloudClassroom-PHP-Project 1.0, where the Q5 POST parameter is directly embedded in SQL statements without sanitization. | [email protected] | 6.5 | 0.24% | 2025-07-31 | 2025-08-06 |
| CVE-2025-44608 | CloudClassroom-PHP Project v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter. | [email protected] | 6.5 | 0.24% | 2025-07-25 | 2025-08-07 |
| CVE-2025-51411 | A reflected cross-site scripting (XSS) vulnerability exists in Institute-of-Current-Students v1.0 via the email parameter in the /postquerypublic endpoint. The application fails to properly sanitize user input before reflecting it in the HTML response. This allows unauthenticated attackers to inject and execute arbitrary JavaScript code in the context of the victim's browser by tricking them into visiting a crafted URL or submitting a malicious form. Successful exploitation may lead to session h | [email protected] | 6.1 | 0.06% | 2025-07-25 | 2025-10-09 |
| CVE-2025-46179 | A SQL Injection vulnerability was discovered in the askquery.php file of CloudClassroom-PHP Project v1.0. The squeryx parameter accepts unsanitized input, which is passed directly into backend SQL queries. | [email protected] | 9.8 | 0.27% | 2025-06-20 | 2025-06-26 |
| CVE-2025-26199 | CloudClassroom-PHP-Project v1.0 is affected by an insecure credential transmission vulnerability. The application transmits passwords over unencrypted HTTP during the login process, exposing sensitive credentials to potential interception by network-based attackers. A remote attacker with access to the same network (e.g., public Wi-Fi or compromised router) can capture login credentials via Man-in-the-Middle (MitM) techniques. If the attacker subsequently uses the credentials to log in and explo | [email protected] | 9.8 | 3.03% | 2025-06-18 | 2025-07-09 |
| CVE-2025-26198 | CloudClassroom-PHP-Project v1.0 contains a critical SQL Injection vulnerability in the loginlinkadmin.php component. The application fails to sanitize user-supplied input in the admin login form before directly including it in SQL queries. This allows unauthenticated attackers to inject arbitrary SQL payloads and bypass authentication, gaining unauthorized administrative access. The vulnerability is triggered when an attacker supplies specially crafted input in the username field, such as ' OR ' | [email protected] | 9.8 | 0.99% | 2025-06-18 | 2025-07-09 |
| CVE-2025-46178 | Cross-Site Scripting (XSS) vulnerability exists in askquery.php via the eid parameter in the CloudClassroom PHP Project. This allows remote attackers to inject arbitrary JavaScript in the context of a victim's browser session by sending a crafted URL, leading to session hijacking or defacement. | [email protected] | 6.1 | 0.17% | 2025-06-09 | 2025-07-02 |
| CVE-2025-45542 | SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass parameter is vulnerable due to improper input validation, allowing attackers to inject SQL queries. | [email protected] | 7.3 | 0.67% | 2025-06-02 | 2025-06-13 |
| CVE-2024-57459 | A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject arbitrary SQL commands. | [email protected] | 7.3 | 0.20% | 2025-06-02 | 2025-06-13 |
| CVE-2024-57423 | A Cross Site Scripting vulnerability in CloudClassroom-PHP Project v1.0 allows a remote attacker to execute arbitrary code via the exid parameter of the assessment function. | [email protected] | 6.1 | 0.34% | 2025-02-26 | 2025-04-07 |
cvelogic Threat Intelligence