CVE-2024-57459

HIGH

CloudClassroom PHP Project 1.0 - Time-Based SQL Injection via myds Parameter

Title source: llm

Description

A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject arbitrary SQL commands.

Scores

CVSS v3: 7.3
EPSS: 0.0021
EPSS Percentile: 11.3%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-89
Status: published
Products (1): vishalmathur/cloudclassroom-php_project 1.0
Published: Jun 02, 2025
Tracked Since: Feb 18, 2026