CVE-2026-2058

HIGH

mathurvishal CloudClassroom-PHP-Project - SQL Injection via gnamex Parameter

Title source: llm

Description

A flaw has been found in mathurvishal CloudClassroom-PHP-Project up to 5dadec098bfbbf3300d60c3494db3fb95b66e7be. This impacts an unknown function of the file /postquerypublic.php of the component Post Query Details Page. This manipulation of the argument gnamex causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way.

Exploits (2)

github WORKING POC 10 stars

by XiaomingX · pythonpoc

https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-2058

View Code ZIP pw:eip

nomisec WORKING POC

by carlosalbertotuma · poc

https://github.com/carlosalbertotuma/CVE-2026-2058-PoC

View Code ZIP pw:eip

References (5)

[Exploit, Third Party Advisory] https://github.com/carlosalbertotuma/CLOUD-CLASSROOMS-php-1.0

View Exploit ZIP pw:eip

[Exploit, Third Party Advisory] https://github.com/carlosalbertotuma/CLOUD-CLASSROOMS-php-1.0#impact

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.344618

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.344618

[Exploit, Third Party Advisory, VDB Entry] https://vuldb.com/?submit.744236

Scores

CVSS v3 7.3

EPSS 0.0004

EPSS Percentile 10.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-89 CWE-74

Status published

Products (1)

vishalmathur/cloudclassroom-php-project 1.0

Published Feb 06, 2026

Tracked Since Feb 18, 2026