CVE-2025-26198

CRITICAL EPSS 43.0%

Published Jun 18, 20251y ago · Modified Jun 17, 20261w ago

9.8 CVSS 3.1

Critical

Published Jun 18, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

CloudClassroom-PHP-Project v1.0 contains a critical SQL Injection vulnerability in the loginlinkadmin.php component. The application fails to sanitize user-supplied input in the admin login form before directly including it in SQL queries. This allows unauthenticated attackers to inject arbitrary SQL payloads and bypass authentication, gaining unauthorized administrative access. The vulnerability is triggered when an attacker supplies specially crafted input in the username field, such as ' OR '1'='1, leading to complete compromise of the login mechanism and potential exposure of sensitive backend data.

CVSS Details

Base Score

9.8

Exploitability

3.9

Impact

5.9

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

43.0% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 1

CWE-89 SQL Injection Injection

Affected Products 1

Vendor	Product	Version	Range
vishalmathur	cloudclassroom-php_project	1.0	any

References 2

gist.github.com https://gist.github.com/tansique-17/0776791b8edd4931216be452a6971f5e

ExploitThird Party Advisory
github.com https://github.com/tansique-17/CVE-2025-26198/

ExploitThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.