Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2025-45542: Time-Based Blind SQL Injection in CloudClassroom PHP Project v1.0

From: Sanjay Singh <sanjay70023 () gmail com>
Date: Fri, 30 May 2025 22:58:18 +0530
Hello Full Disclosure list,

I am sharing details of a newly assigned CVE affecting an open-source
educational software project:

------------------------------------------------------------------------
CVE-2025-45542: Time-Based Blind SQL Injection in CloudClassroom PHP
Project v1.0
------------------------------------------------------------------------

Product: CloudClassroom PHP Project
Vendor: https://github.com/mathurvishal/CloudClassroom-PHP-Project
Affected Version: v1.0
Vulnerability Type: SQL Injection
Attack Type: Remote
CVE ID: CVE-2025-45542
Discoverer: Sanjay Singh

Vulnerability Details:
A time-based blind SQL injection vulnerability exists in the
`registrationform` endpoint of CloudClassroom-PHP-Project v1.0. The `pass`
parameter is not properly sanitized, allowing an unauthenticated remote
attacker to manipulate backend SQL logic and potentially extract sensitive
information.

Proof of Concept:
The vulnerability can be exploited using a POST request with a crafted
payload like:
`'XOR(if(now()=sysdate(),sleep(6),0))XOR'`

Impact:
Successful exploitation allows for:
- Arbitrary SQL execution
- Potential information disclosure
- Authentication bypass under certain conditions

Recommended Mitigations:
- Use prepared statements with parameterized queries
- Sanitize input with `mysqli_real_escape_string()` or similar
- Implement a Web Application Firewall (WAF)
- Enforce least privilege on the application’s DB user

References:
- GitHub: https://github.com/mathurvishal/CloudClassroom-PHP-Project
- Exploit-DB Submission (pending approval)
- GHDB Dork (submitted): `inurl:"CloudClassroom-PHP-Project-master"
intitle:"Cloud Classroom"`

I have also submitted this to Exploit-DB and the Google Hacking Database to
assist defenders and researchers.

Attached is a detailed advisory in plain text format.

Regards,
Sanjay Singh
https://www.linkedin.com/in/sanjay70023

https://gist.github.com/sanjay70023/63e9c32e49a0760eaa6b9e2a8ba8c966

Attachment: CVE-2025-45542.txt
Description: 

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
Previous By Date Next
Previous By Thread Next

Current thread: