Description
A vulnerability has been found in CodeAstro Student Attendance Management System 1.0. This affects an unknown function of the file /attendance-php/Admin/createClass.php. The manipulation of the argument className leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Published: 2026-06-08
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability exists in the createClass.php script of CodeAstro Student Attendance Management System v1.0. The className parameter is concatenated directly into an SQL query without validation, creating an injection point. An attacker can supply a crafted className value to execute arbitrary SQL commands, exposing or altering attendance data. The flaw permits remote exploitation, meaning it can be triggered from outside the host.

Affected Systems

CodeAstro Student Attendance Management System, version 1.0. The issue resides in the /attendance-php/Admin/createClass.php file of this version. No other product or version information is noted.

Risk and Exploitability

The CVSS score of 5.3 classifies the vulnerability as medium severity. EPSS is not reported and the flaw is not listed in CISA KEV. Because the description states that the attack can be initiated remotely and does not require authentication, any user able to reach the createClass.php endpoint can potentially inject SQL through the className parameter. Successful exploitation could lead to unauthorized reading, modification, or deletion of attendance records, compromising the confidentiality and integrity of the data; the supplied data does not indicate an availability impact.

Generated by OpenCVE AI on June 8, 2026 at 20:50 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Apply a vendor patch or upgrade to the latest version of CodeAstro Student Attendance Management System that addresses the SQL injection issue in createClass.php.
  • Implement input validation and sanitization for the className parameter, and replace string concatenation with parameterized queries or prepared statements to eliminate injection risk.
  • Restrict access to the createClass.php endpoint to authenticated administrative users only, enforcing role-based access control to ensure that only authorized personnel can create classes.
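The second and third recommended actions combined in one request handler, as an added example: this is not CodeAstro's code, and the real createClass.php is not shown on this page. The session key `role`, the table `classes`, its column `className`, the 1-50 character naming policy and the database connection values are all hypothetical.

```php
<?php
declare(strict_types=1);
// Added illustration, not the vendor's createClass.php. Requires PHP 8.0+.
// Hypothetical: $_SESSION['role'], table `classes`, column `className`, DB settings.

session_start();

// Admin-only access: reject any request without an administrative session.
if (($_SESSION['role'] ?? '') !== 'admin') {
    http_response_code(403);
    exit('Forbidden');
}

// Allowlist validation for className; returns null when the value is rejected.
function validateClassName(mixed $raw): ?string
{
    if (!is_string($raw)) {
        return null; // rejects array input such as className[]=x
    }
    $name = trim($raw);
    // Assumed policy: letters, digits, space, hyphen; 1 to 50 characters.
    return preg_match('/\A[A-Za-z0-9 \-]{1,50}\z/', $name) === 1 ? $name : null;
}

$className = validateClassName($_POST['className'] ?? null);
if ($className === null) {
    http_response_code(400);
    exit('Invalid class name');
}

// Throw exceptions on database errors instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('localhost', 'app_user', getenv('DB_PASS') ?: '', 'attendance');
$db->set_charset('utf8mb4');

// Before (the pattern the analysis describes): the value becomes part of the SQL text.
//   $db->query("INSERT INTO classes (className) VALUES ('" . $_POST['className'] . "')");

// After: the statement text is fixed and the value is bound as data.
$stmt = $db->prepare('INSERT INTO classes (className) VALUES (?)');
$stmt->bind_param('s', $className);
$stmt->execute();
$stmt->close();

echo 'Class created';
```

The bound parameter is what removes the injection point; the allowlist is a second layer and does not make the concatenated form safe.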

Advisories

No advisories yet.

History

Mon, 08 Jun 2026 19:45:00 +0000

Type Values Removed Values Added
Description: A vulnerability has been found in CodeAstro Student Attendance Management System 1.0. This affects an unknown function of the file /attendance-php/Admin/createClass.php. The manipulation of the argument className leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Title: CodeAstro Student Attendance Management System createClass.php sql injection
First Time appeared: Codeastro; Codeastro student Attendance Management System
Weaknesses: CWE-74; CWE-89
CPEs: cpe:2.3:h:codeastro:student_attendance_management_system:*:*:*:*:*:*:*:*
Vendors & Products: Codeastro; Codeastro student Attendance Management System
References:
Metrics:
cvssV2_0: {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
cvssV3_0: {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
cvssV3_1: {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-08T19:15:09.900Z

Reserved: 2026-06-08T12:05:34.440Z

Link: CVE-2026-11583

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-08T20:16:59.990

Modified: 2026-06-08T20:16:59.990

Link: CVE-2026-11583

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-08T21:00:14Z
