Description
A vulnerability was found in CodeAstro Student Attendance Management System 1.0. This impacts an unknown function of the file /attendance-php/Admin/createClass.php?action=edit. The manipulation of the argument ID results in SQL injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.
Published: 2026-06-08
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In the CodeAstro Student Attendance Management System, the ID argument of the /attendance-php/Admin/createClass.php?action=edit endpoint can be manipulated to inject arbitrary SQL statements. This flaw allows an attacker to read or modify database contents, potentially exposing attendance records, altering grades, or deleting data. The weakness is a classic SQL injection (CWE-89), which is also tracked under the broader injection class (CWE-74). The direct impact is the compromise of data confidentiality, integrity, and availability.

Affected Systems

The flaw affects CodeAstro Student Attendance Management System version 1.0. No other versions or platforms are noted in the advisory. Users running this product are potentially exposed if the createClass.php edit function is accessible.

Risk and Exploitability

The CVSS score for this issue is 5.3, indicating moderate risk. The EPSS score is not available, but the publicly disclosed exploit shows that remote attacks are feasible via HTTP requests. The vulnerability is not listed in the CISA KEV catalog. Attacks can be carried out by sending crafted ID parameters to the web application, and they require only web access to the vulnerable endpoint.

Generated by OpenCVE AI on June 8, 2026 at 20:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a vendor patch or update to the latest version of CodeAstro Student Attendance Management System when it becomes available.
  • Ensure that the createClass.php edit endpoint is protected behind authentication and role‑based access control so that only authorized administrators can reach it.
  • Validate all user‑supplied input, particularly the ID parameter, and pass it to the database only through parameterized queries or prepared statements.

Advisories

No advisories yet.

History

Mon, 08 Jun 2026 19:45:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was found in CodeAstro Student Attendance Management System 1.0. This impacts an unknown function of the file /attendance-php/Admin/createClass.php?action=edit. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.
Title | | CodeAstro Student Attendance Management System createClass.php edit sql injection
First Time appeared | | Codeastro; Codeastro student Attendance Management System
Weaknesses | | CWE-74; CWE-89
CPEs | | cpe:2.3:h:codeastro:student_attendance_management_system:*:*:*:*:*:*:*:*
Vendors & Products | | Codeastro; Codeastro student Attendance Management System
References | |
Metrics | | cvssV2_0: {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-08T19:30:09.822Z

Reserved: 2026-06-08T12:05:37.005Z

Link: CVE-2026-11584

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-08T20:17:00.163

Modified: 2026-06-08T20:17:00.163

Link: CVE-2026-11584

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-08T20:30:06Z

Weaknesses