本頁列出影響 vishalmathur cloudclassroom-php_project 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2025-44608 | CloudClassroom-PHP Project v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter. | [email protected] | 6.5 | 0.24% | 2025-07-25 | 2025-08-07 |
| CVE-2025-46179 | A SQL Injection vulnerability was discovered in the askquery.php file of CloudClassroom-PHP Project v1.0. The squeryx parameter accepts unsanitized input, which is passed directly into backend SQL queries. | [email protected] | 9.8 | 0.27% | 2025-06-20 | 2025-06-26 |
| CVE-2025-26199 | CloudClassroom-PHP-Project v1.0 is affected by an insecure credential transmission vulnerability. The application transmits passwords over unencrypted HTTP during the login process, exposing sensitive credentials to potential interception by network-based attackers. A remote attacker with access to the same network (e.g., public Wi-Fi or compromised router) can capture login credentials via Man-in-the-Middle (MitM) techniques. If the attacker subsequently uses the credentials to log in and explo | [email protected] | 9.8 | 3.03% | 2025-06-18 | 2025-07-09 |
| CVE-2025-26198 | CloudClassroom-PHP-Project v1.0 contains a critical SQL Injection vulnerability in the loginlinkadmin.php component. The application fails to sanitize user-supplied input in the admin login form before directly including it in SQL queries. This allows unauthenticated attackers to inject arbitrary SQL payloads and bypass authentication, gaining unauthorized administrative access. The vulnerability is triggered when an attacker supplies specially crafted input in the username field, such as ' OR ' | [email protected] | 9.8 | 0.99% | 2025-06-18 | 2025-07-09 |
| CVE-2025-46178 | Cross-Site Scripting (XSS) vulnerability exists in askquery.php via the eid parameter in the CloudClassroom PHP Project. This allows remote attackers to inject arbitrary JavaScript in the context of a victim s browser session by sending a crafted URL, leading to session hijacking or defacement. | [email protected] | 6.1 | 0.17% | 2025-06-09 | 2025-07-02 |
| CVE-2025-45542 | SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass parameter is vulnerable due to improper input validation, allowing attackers to inject SQL queries. | [email protected] | 7.3 | 0.67% | 2025-06-02 | 2025-06-13 |
| CVE-2024-57459 | A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject arbitrary SQL commands. | [email protected] | 7.3 | 0.20% | 2025-06-02 | 2025-06-13 |
| CVE-2024-57423 | A Cross Site Scripting vulnerability in CloudClassroom-PHP Project v1.0 allows a remote attacker to execute arbitrary code via the exid parameter of the assessment function. | [email protected] | 6.1 | 0.34% | 2025-02-26 | 2025-04-07 |