{"id":55228,"date":"2025-06-26T15:03:04","date_gmt":"2025-06-26T15:03:04","guid":{"rendered":""},"modified":"2025-07-07T23:55:23","modified_gmt":"2025-07-08T05:55:23","slug":"cve-2025-46179-sql-injection-vulnerability-in-cloudclassroom-php-project","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-46179-sql-injection-vulnerability-in-cloudclassroom-php-project\/","title":{"rendered":"CVE-2025-46179: SQL Injection Vulnerability in CloudClassroom-PHP Project<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The Common Vulnerabilities and Exposures (CVE) system has identified a critical SQL Injection vulnerability, labeled as CVE-2025-46179, within the CloudClassroom-PHP Project v1.0. This flaw resides in the askquery.php file where the squeryx parameter accepts unsanitized input, which is then directly passed into backend SQL queries. This vulnerability could potentially compromise the entire system or leak sensitive data if exploited<\/a>, affecting anyone who uses or depends on the CloudClassroom-PHP Project. Given the severity of the vulnerability<\/a>, understanding it and mitigating its risks is of utmost importance.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-46179
\nSeverity: Critical (9.8\/10)
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: Required
\nImpact: System compromise or data<\/a> leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n Share secrets securely\r\n <\/h2>\r\n\r\n

\r\n Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.\r\n <\/p>\r\n\r\n

\r\n Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.\r\n <\/p>\r\n\r\n