CVE-2025-45542
HIGHCloudClassroom-PHP-Project v1.0 - SQL Injection via Registration Form Pass Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2025-45542. PoCs published by Sanjay Singh.
AI-analyzed exploit summary This exploit demonstrates a time-based blind SQL injection vulnerability in the 'pass' parameter of the registrationform endpoint in CloudClassroom PHP Project 1.0. The PoC uses a crafted curl request to trigger a delay in server response, confirming the injection point.
Description
SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass parameter is vulnerable due to improper input validation, allowing attackers to inject SQL queries.
Exploits (1)
This exploit demonstrates a time-based blind SQL injection vulnerability in the 'pass' parameter of the registrationform endpoint in CloudClassroom PHP Project 1.0. The PoC uses a crafted curl request to trigger a delay in server response, confirming the injection point.
References (3)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L