一、 漏洞 CVE-2025-45542 基础信息
漏洞信息
                                        # N/A

## 漏洞概述
CloudClassroom-PHP-Project v1.0 版本中存在 SQL 注入漏洞。该漏洞存在于注册表单(registrationform)端点的 `pass` 参数处,由于输入验证不足,允许攻击者注入恶意 SQL 查询。

## 影响版本
- CloudClassroom-PHP-Project v1.0

## 漏洞细节
`pass` 参数在 `registrationform` 端点中未进行适当的输入验证。攻击者可以通过操控这个参数来注入恶意的 SQL 查询。

## 影响
由于存在 SQL 注入漏洞,攻击者可以执行未经授权的数据库操作,从而获取、修改或删除敏感数据。
提示
尽管我们采用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。
神龙会尽力确保数据准确,但也请结合实际情况进行甄别与判断。
神龙祝您一切顺利!
漏洞标题
N/A
来源:美国国家漏洞数据库 NVD
漏洞描述信息
SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass parameter is vulnerable due to improper input validation, allowing attackers to inject SQL queries.
来源:美国国家漏洞数据库 NVD
CVSS信息
N/A
来源:美国国家漏洞数据库 NVD
漏洞类别
N/A
来源:美国国家漏洞数据库 NVD
漏洞标题
CloudClassroom-PHP-Project 安全漏洞
来源:中国国家信息安全漏洞库 CNNVD
漏洞描述信息
CloudClassroom-PHP-Project是Vishal Mathur个人开发者的一个云课堂网站。 CloudClassroom-PHP-Project v1.0版本存在安全漏洞,该漏洞源于registrationform端点中参数pass输入验证不足,可能导致SQL注入攻击。
来源:中国国家信息安全漏洞库 CNNVD
CVSS信息
N/A
来源:中国国家信息安全漏洞库 CNNVD
漏洞类别
其他
来源:中国国家信息安全漏洞库 CNNVD
二、漏洞 CVE-2025-45542 的公开POC
# POC 描述 源链接 神龙链接
三、漏洞 CVE-2025-45542 的情报信息

  • 标题: GitHub - mathurvishal/CloudClassroom-PHP-Project: The “Cloud Classroom” Website (web-based application) is useful for the students, faculty, guest whoever likes to learn from web using E-Learn (Videos), as well Check result, schedules of assessment and all that task like event, news, students can find out list of fresh courses offered by them and admission procedure, discussion forum, fee structure etc. without going to institute. It provides the facility to the students or guest to have complete information about the institute. In this application, the student can attend his\her missed classes from e-learn. -- 🔗来源链接

    标签:

    神龙速读
    GitHub - mathurvishal/CloudClassroom-PHP-Project: The “Cloud Classroom” Website (web-based application) is useful for the students, faculty, guest whoever likes to learn from web using E-Learn (Videos), as well Check result, schedules of assessment and all that task like event, news, students can find out list of fresh courses offered by them and admission procedure, discussion forum, fee structure etc. without going to institute. It provides the facility to the students or guest to have complete information about the institute. In this application, the student can attend his\her missed classes from e-learn.

  • 标题: 🚨 CVE-2025-45542: Time-Based Blind SQL Injection in CloudClassroom PHP Project v1.0 ! | by Sanjay Singh | May, 2025 | Medium -- 🔗来源链接

    标签:

    神龙速读
    🚨 CVE-2025-45542: Time-Based Blind SQL Injection in CloudClassroom PHP Project v1.0 ! | by Sanjay Singh | May, 2025 | Medium
  • https://nvd.nist.gov/vuln/detail/CVE-2025-45542