HIGH🇵🇱 Wersja polska

CVE-2024-57459

CVSS 7.3v3.1pub. 2025-06-02upd. 2025-06-13

A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject arbitrary SQL commands.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  • Vishalmathur Cloudclassroom PHP Project

    APP
    Vishalmathur
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2025-46179CRITICAL9.8PL ✓ten sam produkt

SQL Injection w CloudClassroom-PHP — plik askquery.php

CVE-2025-26198CRITICAL9.8PL ✓ten sam produkt

SQL Injection w CloudClassroom-PHP — ominięcie uwierzytelnienia admina

CVE-2025-26199CRITICAL9.8PL ✓ten sam produkt

Nieszyfrowana transmisja danych logowania w CloudClassroom-PHP-Project

CVE-2025-45542HIGH7.3ten sam produkt

SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass para...

CVE-2025-44608MEDIUM6.5ten sam produkt

CloudClassroom-PHP Project v1.0 was discovered to contain a SQL injection vulnerability via the viewid paramet...