CVE-2025-26199

Critical CVSS: 9.8

CloudClassroom-PHP-Project v1.0 is affected by an insecure credential transmission vulnerability. The application transmits passwords over unencrypted HTTP during the login process, exposing sensitive credentials to potential interception by network-based attackers. A remote attacker with access to the same network (e.g., public Wi-Fi or compromised router) can capture login credentials via Man-in-the-Middle (MitM) techniques. If the attacker subsequently uses the credentials to log in and exploit administrative functions (e.g., file upload), this may lead to remote code execution depending on the environment.

Vendor

Vishalmathur

Product

Cloudclassroom-php Project

CWE

CWE-319

Yayın Tarihi

2025-06-18 20:15:19

Güncelleme

2025-07-09 18:25:05

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-319 Cloudclassroom-php Project CRITICAL Vishalmathur 2025

Referanslar

https://gist.github.com/tansique-17/6e01bb1b8a09ef499a9b8484a8dc2487 https://github.com/tansique-17/CVE-2025-26199/tree/main

Benzer Kayıtlar

Medium

CVE-2026-2058

A flaw has been found in mathurvishal CloudClassroom-PHP-Project up to 5dadec098bfbbf3300d60c3494db3fb95b66e7be. This im…

Critical

CVE-2025-52410

Institute-of-Current-Students v1.0 contains a time-based blind SQL injection vulnerability in the mydetailsstudent.php e…

Critical

CVE-2025-55444

A SQL injection vulnerability exists in the id2 parameter of the cancel_booking.php page in Online Artwork and Fine Arts…

Medium

CVE-2025-50866

CloudClassroom-PHP-Project 1.0 contains a reflected Cross-site Scripting (XSS) vulnerability in the email parameter of t…

Medium

CVE-2025-50867

A SQL Injection vulnerability exists in the takeassessment2.php endpoint of the CloudClassroom-PHP-Project 1.0, where th…

Medium

CVE-2025-44608

CloudClassroom-PHP Project v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter.