Description

CloudClassroom-PHP-Project v1.0 contains a critical SQL Injection vulnerability in the loginlinkadmin.php component. The application fails to sanitize user-supplied input in the admin login form before directly including it in SQL queries. This allows unauthenticated attackers to inject arbitrary SQL payloads and bypass authentication, gaining unauthorized administrative access. The vulnerability is triggered when an attacker supplies specially crafted input in the username field, such as ' OR '1'='1, leading to complete compromise of the login mechanism and potential exposure of sensitive backend data.

INFO

Published Date :

2025-06-18T00:00:00.000Z

Last Modified :

2025-06-20T15:29:58.916Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-26198 vulnerability.

Vendors Products
Vishalmathur
  • Cloudclassroom-php Project
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-26198.

URL Resource
https://gist.github.com/tansique-17/0776791b8edd4931216be452a6971f5e cve-icon cve-icon
https://github.com/tansique-17/CVE-2025-26198/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact