A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject arbitrary SQL commands.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LVishalmathur Cloudclassroom PHP Project
APPVishalmathur1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
Related vulnerabilities
CVE-2025-46179CRITICAL9.8PL ✓ten sam produkt
SQL Injection w CloudClassroom-PHP — plik askquery.php
CVE-2025-26198CRITICAL9.8PL ✓ten sam produkt
SQL Injection w CloudClassroom-PHP — ominięcie uwierzytelnienia admina
CVE-2025-26199CRITICAL9.8PL ✓ten sam produkt
Nieszyfrowana transmisja danych logowania w CloudClassroom-PHP-Project
CVE-2025-45542HIGH7.3ten sam produkt
SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass para...
CVE-2025-44608MEDIUM6.5ten sam produkt
CloudClassroom-PHP Project v1.0 was discovered to contain a SQL injection vulnerability via the viewid paramet...