π‘οΈ CVE-2025-26199 β Insecure Password Transmission via Cleartext in CloudClassroom-PHP-Project v1.0
CloudClassroom-PHP-Project v1.0 is vulnerable to insecure transmission of user credentials. During the authentication process, passwords are submitted over unencrypted HTTP rather than HTTPS. This exposes sensitive information (i.e., usernames and passwords) to interception by network-based attackers using packet sniffing or Man-in-the-Middle (MitM) attacks.
If an attacker captures valid admin credentials, they may log in and potentially exploit additional application functionality (e.g., file upload or remote shell injection) to achieve remote code execution, depending on the deployment context and system configuration.