CVE-2024-57459
HIGH
CloudClassroom PHP Project 1.0 - Time-Based SQL Injection via myds Parameter
Title source: llmDescription
A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject arbitrary SQL commands.
References (2)
Core References
Third Party Advisory
https://gist.github.com/b0mk35h/921cfa00f9ea1af66645574537d38587
Not Applicable
https://owasp.org/www-community/attacks/SQL_Injection
Scores
CVSS v3
7.3
EPSS
0.0021
EPSS Percentile
11.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-89
Status
published
Products (1)
vishalmathur/cloudclassroom-php_project
1.0
Published
Jun 02, 2025
Tracked Since
Feb 18, 2026