# CVE-2025-44608
CloudClassroom-PHP Project v1.0 is vulnerable to RCE via SQL Injection.
Vendor: https://github.com/mathurvishal/CloudClassroom-PHP-Project
Software Link: https://github.com/mathurvishal/CloudClassroom-PHP-Project/archive/refs/heads/master.zip
---
## PoC
Step 1: Navigate to the affected URL and modify the `?viewid=1` parameter by appending a single quote (`'`). Upon doing so, the application returns an SQL error, indicating a possible SQL injection vulnerability. Using the SQLmap tool, I successfully exploited this vulnerability. Through the SQL injection, I was able to upload a malicious PHP file to the server. Once uploaded, I used the PHP file to execute system commands, confirming remote code execution (RCE) on the target system.
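For defenders, a hardened handler for an integer `viewid` parameter looks like the following. This is an added example, not code from CloudClassroom-PHP-Project: the table `items`, column `id`, and the `DB_*` environment variables are hypothetical, and PHP 8 with mysqli/mysqlnd is assumed.

```php
<?php
// Added example, not the project's code.
// Hypothetical names: table `items`, column `id`, DB_* environment variables.

// Raise exceptions on DB errors instead of printing them: the SQL error
// echoed to the browser is what exposed the injection point.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
ini_set('display_errors', '0');

/** Return the id as a positive int, or null if the raw value is not one. */
function parse_view_id(mixed $raw): ?int
{
    if (!is_string($raw)) {      // rejects ?viewid[]=1 arrays and a missing value
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;   // "1'" fails validation here
}

/** Look up one row; the id is sent as a bound parameter, never as SQL text. */
function fetch_row(mysqli $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT * FROM items WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    return $row ?: null;
}

$id = parse_view_id($_GET['viewid'] ?? null);
if ($id === null) {
    http_response_code(400);
    exit('Invalid viewid');
}

try {
    $db = new mysqli(getenv('DB_HOST'), getenv('DB_USER'),
                     getenv('DB_PASS'), getenv('DB_NAME'));
    $row = fetch_row($db, $id);
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage()); // details stay in the server log
    http_response_code(500);
    exit('Internal error');
}
if ($row === null) {
    http_response_code(404);
    exit('Not found');
}
echo htmlspecialchars(json_encode($row), ENT_QUOTES, 'UTF-8');
```

On the database side, revoking the MySQL `FILE` privilege from the application account and pointing `secure_file_priv` at a directory outside the web root limits what an injection can write to disk.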







[4.0K] /data/pocs/332d61ca8aa05ef4dd522c8693a4a9a69a7341e6
├── [1.4K] README.md
└── [ 39] test.sh
0 directories, 2 files