PT-2025-23532 · Unknown · Cloudclassroom-Php Project
Sanjay Singh · Published 2025-06-02 · Updated 2025-06-13 · CVE-2025-45542
CVSS v3.1: 7.3 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
CloudClassroom-PHP-Project version 1.0
Description
A SQL injection vulnerability exists in the registrationform endpoint of CloudClassroom-PHP-Project due to improper input validation, allowing attackers to inject SQL queries. The pass parameter is specifically vulnerable. This issue risks remote data theft and authentication bypass.
Recommendations
As a temporary workaround, consider using prepared statements and sanitization to mitigate the risk of SQL injection.
Restrict access to the registrationform endpoint to minimize the risk of exploitation.
Avoid using the pass parameter in the affected endpoint until the issue is resolved.
Update the software to a version that includes a fix for this issue, once available.
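The prepared-statement recommendation above, sketched for a registration handler that receives a pass field. This is an added example, not code from CloudClassroom-PHP-Project: the students table, its columns, the email field and both function names are hypothetical, and an in-memory SQLite database stands in for the real one so the sketch runs offline.

```php
<?php
declare(strict_types=1);

// Added illustration, NOT CloudClassroom-PHP-Project code. The table, the
// columns, and every field name except `pass` are hypothetical.

function open_demo_db(): PDO
{
    // In-memory SQLite keeps the sketch offline; the same PDO calls apply to MySQL.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE students (
        id INTEGER PRIMARY KEY,
        email TEXT UNIQUE NOT NULL,
        pass_hash TEXT NOT NULL)');
    return $db;
}

function register_student(PDO $db, array $post): bool
{
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    $pass  = $post['pass'] ?? '';
    // Validation rejects malformed input early; it does not replace binding.
    // 72 bytes is the longest input bcrypt uses, so longer values are refused.
    if ($email === false || !is_string($pass) || strlen($pass) < 8 || strlen($pass) > 72) {
        return false;
    }
    // Placeholders keep the SQL text constant: the values travel as data and
    // are never spliced into the statement string.
    $stmt = $db->prepare(
        'INSERT INTO students (email, pass_hash) VALUES (:email, :pass_hash)'
    );
    try {
        return $stmt->execute([
            ':email'     => $email,
            ':pass_hash' => password_hash($pass, PASSWORD_DEFAULT),
        ]);
    } catch (PDOException $e) {
        // For example a duplicate email: log server-side, reveal nothing to the client.
        return false;
    }
}

// Constructed sample input: the quote characters in `pass` are handled as data.
$db = open_demo_db();
var_dump(register_student($db, ['email' => 'a@example.test', 'pass' => "it's-a-long'pass"]));
var_dump($db->query('SELECT COUNT(*) FROM students')->fetchColumn());
```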
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Cloudclassroom-Php Project