Description
A flaw has been found in CodeAstro Student Attendance Management System 1.0. The impacted element is an unknown function of the file /attendance-php/index.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used.
Published: 2026-06-08
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an SQL injection flaw that arises from improper handling of the “Username” parameter in the index.php page of the Student Attendance Management System. Attackers can craft malicious input to execute arbitrary SQL commands, potentially reading, modifying, or deleting sensitive data stored in the application. The flaw is identified as CWE-74 and CWE‑89.

Affected Systems

CodeAstro Student Attendance Management System version 1.0 is affected. No other versions are mentioned in the CNA data.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate severity risk. The EPSS score is not available, but the advisory states the exploit has been published and may be used, implying some likelihood of exploitation. Since the vulnerability can be triggered remotely over the network, an attacker only needs access to the web interface to abuse it, and it is not mitigated by local user restrictions. The vulnerability is not listed in the CISA KEV catalog.

Generated by OpenCVE AI on June 8, 2026 at 20:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a patched version of CodeAstro Student Attendance Management System or apply vendor‑supplied patch if one is available.
  • Sanitize all user input, especially the Username parameter, and use parameterized queries to prevent injection.
  • Implement network segmentation or firewall rules to restrict external access to the web interface and reduce attack surface.

Generated by OpenCVE AI on June 8, 2026 at 20:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 08 Jun 2026 19:45:00 +0000

Type Values Removed Values Added
Description A flaw has been found in CodeAstro Student Attendance Management System 1.0. The impacted element is an unknown function of the file /attendance-php/index.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used.
Title CodeAstro Student Attendance Management System index.php sql injection
First Time appeared Codeastro
Codeastro student Attendance Management System
Weaknesses CWE-74
CWE-89
CPEs cpe:2.3:h:codeastro:student_attendance_management_system:*:*:*:*:*:*:*:*
Vendors & Products Codeastro
Codeastro student Attendance Management System
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Codeastro Student Attendance Management System
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-08T19:00:12.715Z

Reserved: 2026-06-08T12:05:31.578Z

Link: CVE-2026-11582

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-08T20:16:59.780

Modified: 2026-06-08T20:16:59.780

Link: CVE-2026-11582

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-08T21:00:14Z

Weaknesses