Description
A flaw has been found in mathurvishal CloudClassroom-PHP-Project up to 5dadec098bfbbf3300d60c3494db3fb95b66e7be. This impacts an unknown function of the file /postquerypublic.php of the component Post Query Details Page. This manipulation of the argument gnamex causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-02-06
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote SQL Injection
Action: Immediate Patch
AI Analysis

Impact

The vulnerability in CloudClassroom-PHP-Project allows an attacker to manipulate the gnamex parameter in the /postquerypublic.php page to inject arbitrary SQL commands. This flaw maps to CWE-74 and CWE-89 and can enable the attacker to read, modify, or delete database contents, potentially compromising confidential data and application integrity.

Affected Systems

Affected installations include mathurvishal’s CloudClassroom-PHP-Project, version 1.0 and earlier revisions up to commit 5dadec098bfbbf3300d60c3494db3fb95b66e7be. The product follows a rolling release model, so newer releases may contain a fix but specific version details are not enumerated in the advisory.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate severity, yet the EPSS score of less than 1% suggests a low probability that this exploit is in widespread use. The attack is remote and has been published, but the vulnerability is not listed in the CISA KEV catalog. An unauthenticated attacker can trigger the injection by sending a crafted request to the vulnerable parameter, potentially leading to unauthorized data exposure or manipulation.

Generated by OpenCVE AI on April 17, 2026 at 22:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the CloudClassroom-PHP-Project to the latest rolling release that includes the fix for the gnamex injection flaw.
  • Refactor the application to use parameterized queries or prepared statements for the gnamex input, eliminating direct SQL concatenation.
  • Implement input validation on the gnamex parameter to reject non‑SQL content and monitor web logs for injection attempts, blocking malicious traffic if necessary.

Generated by OpenCVE AI on April 17, 2026 at 22:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 17 Feb 2026 19:15:00 +0000

Type Values Removed Values Added
First Time appeared Vishalmathur
Vishalmathur cloudclassroom-php-project
CPEs cpe:2.3:a:vishalmathur:cloudclassroom-php-project:1.0:*:*:*:*:*:*:*
Vendors & Products Vishalmathur
Vishalmathur cloudclassroom-php-project

Mon, 09 Feb 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Mathurvishal
Mathurvishal cloudclassroom-php-project
Vendors & Products Mathurvishal
Mathurvishal cloudclassroom-php-project

Fri, 06 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 06 Feb 2026 16:45:00 +0000

Type Values Removed Values Added
Description A flaw has been found in mathurvishal CloudClassroom-PHP-Project up to 5dadec098bfbbf3300d60c3494db3fb95b66e7be. This impacts an unknown function of the file /postquerypublic.php of the component Post Query Details Page. This manipulation of the argument gnamex causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way.
Title mathurvishal CloudClassroom-PHP-Project Post Query Details postquerypublic.php sql injection
Weaknesses CWE-74
CWE-89
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Mathurvishal Cloudclassroom-php-project
Vishalmathur Cloudclassroom-php-project
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T09:26:04.022Z

Reserved: 2026-02-06T06:30:57.424Z

Link: CVE-2026-2058

cve-icon Vulnrichment

Updated: 2026-02-06T16:53:59.580Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-06T17:16:27.877

Modified: 2026-02-17T19:08:43.083

Link: CVE-2026-2058

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T22:45:29Z

Weaknesses