CRITICALπŸ‡΅πŸ‡± Wersja polska

CVE-2025-46179

CVSS 9.8v3.1pub. 2025-06-20upd. 2025-06-26

A SQL Injection vulnerability was discovered in the askquery.php file of CloudClassroom-PHP Project v1.0. The squeryx parameter accepts unsanitized input, which is passed directly into backend SQL queries.

πŸ€– AI Analysis
How it works

The 'squeryx' parameter in the askquery.php file is not subject to any validation or sanitization before being passed to the database backend. An attacker can inject arbitrary SQL code into this parameter, modifying the logic of executed queries. Since the attack requires no authentication, authorization, or user interaction, the exploit can be carried out remotely over the network.

Impact

An attacker can gain unauthorized access to sensitive data, modify or delete database contents, and in favorable server configurations β€” completely take over system control.

Mitigation & patch

Apply patches available from the vendor according to references. Temporarily, it is recommended to implement validation and parameterization of SQL queries (prepared statements) for the 'squeryx' parameter in the askquery.php file and restrict access to the vulnerable resource at the firewall or web server level.

Who is affected

CloudClassroom-PHP Project v1.0 (Vishalmathur)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Vishalmathur Cloudclassroom PHP Project

    APP
    Vishalmathur
    1.0
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2025-26199CRITICAL9.8PL βœ“ten sam produkt

Nieszyfrowana transmisja danych logowania w CloudClassroom-PHP-Project

CVE-2025-26198CRITICAL9.8PL βœ“ten sam produkt

SQL Injection w CloudClassroom-PHP β€” ominiΔ™cie uwierzytelnienia admina

CVE-2025-45542HIGH7.3ten sam produkt

SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass para...

CVE-2024-57459HIGH7.3ten sam produkt

A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0....

CVE-2025-44608MEDIUM6.5ten sam produkt

CloudClassroom-PHP Project v1.0 was discovered to contain a SQL injection vulnerability via the viewid paramet...

CVE-2025-46179 β€” Vishalmathur β€” Cloudclassroom-Php Project β€” CRITICAL β€” CVSS 9.8 | CVEbaza.pl