CVE-2026-10260 - Vulnerability Details

- CodeAstro Online Job Portal delete-jobs.php sql injection

Description

A vulnerability was detected in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /admin/jobs-admins/delete-jobs.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.

Published: 2026-06-01

Score: 6.9 Medium

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

A vulnerability exists in the delete-jobs.php script of the CodeAstro Online Job Portal that allows malicious actors to manipulate the ID parameter, resulting in a classic SQL injection flaw. This flaw can grant unauthorized database access and enable the attacker to read, modify, or delete job posting records, thereby compromising the confidentiality, integrity, and availability of the portal’s data.

Affected Systems

The affected product is CodeAstro Online Job Portal version 1.0. No other versions or vendor variants are listed, so any deployment of this version should be considered vulnerable.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate severity level, and the EPSS score is not available, but the vulnerability is an active remote vulnerability with a publicly available exploit. The flaw is exploitable over the network via the web interface, and an attacker could leverage the SQL injection to compromise the underlying database. Although the vulnerability is not currently listed in the CISA KEV catalog, its remote nature and public exploit increase its risk to deployments that have not applied a fix.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

CodeAstro

Online Job Portal

affected

Version	Status	Constraints
`1.0`	affected	—

No data.

Vendor Product Confidence Versions

Codeastro

Online Job Portal

100%

Version	Status	Scheme	Platform
`1.0`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest vendor patch or update to a fixed version of CodeAstro Online Job Portal as soon as it becomes available
Validate the ID input parameter rigorously, restricting it to numeric values and using parameterized queries or prepared statements to avoid SQL injection
Ensure that the admin endpoints, including delete-jobs.php, are protected by strong authentication and authorization checks, limiting access to verified administrators only
Monitor database logs for unusual query patterns and consider rotating database credentials if suspicious activity is detected

Generated by OpenCVE AI on June 1, 2026 at 16:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

No EPSS score available.

Exploitation poc

Automatable yes

Technical Impact partial

References

Link	Providers
https://codeastro.com/
https://github.com/6Justdododo6/CVE/issues/18
https://vuldb.com/cve/CVE-2026-10260
https://vuldb.com/submit/824873
https://vuldb.com/vuln/367540
https://vuldb.com/vuln/367540/cti

History

Mon, 01 Jun 2026 17:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 01 Jun 2026 15:00:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was detected in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /admin/jobs-admins/delete-jobs.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
Title		CodeAstro Online Job Portal delete-jobs.php sql injection
First Time appeared		Codeastro Codeastro online Job Portal
Weaknesses		CWE-74 CWE-89
CPEs		cpe:2.3:a:codeastro:online_job_portal::::::::
Vendors & Products		Codeastro Codeastro online Job Portal
References		https://codeastro.com/ https://github.com/6Justdododo6/CVE/issues/18 https://vuldb.com/cve/CVE-2026-10260 https://vuldb.com/submit/824873 https://vuldb.com/vuln/367540 https://vuldb.com/vuln/367540/cti
Metrics		cvssV2_0 `{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Codeastro Online Job Portal

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-06-01T13:15:07.555Z

Updated: 2026-06-01T15:03:32.348Z

Reserved: 2026-05-31T12:46:04.080Z

Link: CVE-2026-10260

Vulnrichment

Updated: 2026-06-01T15:03:28.984Z

NVD

Status : Deferred

Published: 2026-06-01T15:16:32.127

Modified: 2026-06-01T16:41:55.090

Link: CVE-2026-10260

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T17:00:09Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation poc

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object