vishalmathur CVE Vulnerabilities & Metrics

Focus on vishalmathur vulnerabilities and metrics.

Last updated: 21 Aug 2025, 22:25 UTC

About vishalmathur Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with vishalmathur. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total vishalmathur CVEs: 10
Earliest CVE date: 26 Feb 2025, 21:15 UTC
Latest CVE date: 31 Jul 2025, 17:15 UTC

Latest CVE reference: CVE-2025-50866

Rolling Stats

30-day Count (Rolling): 3
365-day Count (Rolling): 10

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical vishalmathur CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.0

Max CVSS: 0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range Count
0.0-3.9 10
4.0-6.9 0
7.0-8.9 0
9.0-10.0 0

CVSS Distribution Chart

Top 5 Highest CVSS vishalmathur CVEs

These are the five CVEs with the highest CVSS scores for vishalmathur, sorted by severity first and recency.

All CVEs for vishalmathur

CVE-2025-50866 vishalmathur vulnerability CVSS: 0 31 Jul 2025, 17:15 UTC

CloudClassroom-PHP-Project 1.0 contains a reflected Cross-site Scripting (XSS) vulnerability in the email parameter of the postquerypublic endpoint. Improper sanitization allows an attacker to inject arbitrary JavaScript code that executes in the context of the user s browser, potentially leading to session hijacking or phishing attacks.

CVE-2025-50867 vishalmathur vulnerability CVSS: 0 31 Jul 2025, 16:15 UTC

A SQL Injection vulnerability exists in the takeassessment2.php endpoint of the CloudClassroom-PHP-Project 1.0, where the Q5 POST parameter is directly embedded in SQL statements without sanitization.

CVE-2025-44608 vishalmathur vulnerability CVSS: 0 25 Jul 2025, 15:15 UTC

CloudClassroom-PHP Project v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter.

CVE-2025-46179 vishalmathur vulnerability CVSS: 0 20 Jun 2025, 15:15 UTC

A SQL Injection vulnerability was discovered in the askquery.php file of CloudClassroom-PHP Project v1.0. The squeryx parameter accepts unsanitized input, which is passed directly into backend SQL queries.

CVE-2025-26199 vishalmathur vulnerability CVSS: 0 18 Jun 2025, 20:15 UTC

CloudClassroom-PHP-Project v1.0 is affected by an insecure credential transmission vulnerability. The application transmits passwords over unencrypted HTTP during the login process, exposing sensitive credentials to potential interception by network-based attackers. A remote attacker with access to the same network (e.g., public Wi-Fi or compromised router) can capture login credentials via Man-in-the-Middle (MitM) techniques. If the attacker subsequently uses the credentials to log in and exploit administrative functions (e.g., file upload), this may lead to remote code execution depending on the environment.

CVE-2025-26198 vishalmathur vulnerability CVSS: 0 18 Jun 2025, 18:15 UTC

CloudClassroom-PHP-Project v1.0 contains a critical SQL Injection vulnerability in the loginlinkadmin.php component. The application fails to sanitize user-supplied input in the admin login form before directly including it in SQL queries. This allows unauthenticated attackers to inject arbitrary SQL payloads and bypass authentication, gaining unauthorized administrative access. The vulnerability is triggered when an attacker supplies specially crafted input in the username field, such as ' OR '1'='1, leading to complete compromise of the login mechanism and potential exposure of sensitive backend data.

CVE-2025-46178 vishalmathur vulnerability CVSS: 0 09 Jun 2025, 16:15 UTC

Cross-Site Scripting (XSS) vulnerability exists in askquery.php via the eid parameter in the CloudClassroom PHP Project. This allows remote attackers to inject arbitrary JavaScript in the context of a victim s browser session by sending a crafted URL, leading to session hijacking or defacement.

CVE-2025-45542 vishalmathur vulnerability CVSS: 0 02 Jun 2025, 16:15 UTC

SQL injection vulnerability in the registrationform endpoint of CloudClassroom-PHP-Project v1.0. The pass parameter is vulnerable due to improper input validation, allowing attackers to inject SQL queries.

CVE-2024-57459 vishalmathur vulnerability CVSS: 0 02 Jun 2025, 16:15 UTC

A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject arbitrary SQL commands.

CVE-2024-57423 vishalmathur vulnerability CVSS: 0 26 Feb 2025, 21:15 UTC

A Cross Site Scripting vulnerability in CloudClassroom-PHP Project v1.0 allows a remote attacker to execute arbitrary code via the exid parameter of the assessment function.