Description
A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of the file /attendance-php/Admin/createClassArms.php. Manipulation of the argument classId leads to SQL injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be used.
Published: 2026-06-08
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A SQL injection flaw exists in the createClassArms.php script of CodeAstro Student Attendance Management System. By manipulating the classId argument, an attacker can inject arbitrary SQL statements. The vulnerability can be triggered remotely, and the injected input can lead to the disclosure, modification, or deletion of data stored in the system’s database. The flaw maps directly to input validation weaknesses (CWE‑74) and unsanitized query construction (CWE‑89).

Affected Systems

The affected product is CodeAstro Student Attendance Management System version 1.0. All deployments of this version that expose the /attendance-php/Admin/createClassArms.php endpoint are vulnerable.

Risk and Exploitability

The CVSS score of 5.3 indicates a medium severity impact. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, so there is no compelling evidence of widespread exploitation yet. However, the flaw is remediable via an update and can be exploited by any remote user who has the endpoint URL and valid credentials. The risk remains that unpatched systems could be compromised by attackers who find the publicly disclosed exploit.

Generated by OpenCVE AI on June 8, 2026 at 21:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑issued patch or upgrade to a fixed version of the Student Attendance Management System.
  • If a patch is not yet available, restrict remote access to the /attendance-php/Admin/createClassArms.php endpoint by enforcing strong authentication and limiting IP ranges.
  • Implement application‑level input validation and use prepared statements for all database interactions involving the classId parameter.
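As an added illustration of the last two recommendations (this is not CodeAstro's code; the affected function is unknown, so the class_arms table, its columns, the classArm field, the $conn mysqli handle and the function names are all assumptions), the query-building pattern that produces this class of flaw beside a hardened replacement:

```php
<?php
// Added example, not CodeAstro's code. Assumes a mysqli connection in $conn
// and a hypothetical class_arms table with columns class_id and arm_name.

// Vulnerable pattern: the request value is concatenated straight into the
// query string, so any SQL inside classId becomes part of the statement.
function createClassArmUnsafe(mysqli $conn, array $post): bool
{
    $classId = $post['classId'];
    $armName = $post['classArm'];
    $sql = "INSERT INTO class_arms (class_id, arm_name) VALUES ('$classId', '$armName')";
    return (bool) $conn->query($sql);
}

// Hardened replacement: validate the type the parameter must have, then bind
// the values as parameters so the database never parses them as SQL.
function createClassArmSafe(mysqli $conn, array $post): bool
{
    // classId is a database key, so anything that is not a positive integer is rejected.
    $classId = filter_var($post['classId'] ?? null, FILTER_VALIDATE_INT);
    if ($classId === false || $classId < 1) {
        http_response_code(400);
        return false;   // reject rather than try to "clean" the input
    }
    $armName = trim((string) ($post['classArm'] ?? ''));
    if ($armName === '' || strlen($armName) > 64) {
        http_response_code(400);
        return false;
    }
    // Placeholders keep the statement structure fixed; values travel separately.
    $stmt = $conn->prepare('INSERT INTO class_arms (class_id, arm_name) VALUES (?, ?)');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('is', $classId, $armName);   // 'i' = integer, 's' = string
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}
```

The same two steps (type validation, then parameter binding) apply to every other request value the script passes to the database, not only classId.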

Advisories

No advisories yet.

History

Mon, 08 Jun 2026 20:45:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of the file /attendance-php/Admin/createClassArms.php. This manipulation of the argument classId causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
Title | | CodeAstro Student Attendance Management System createClassArms.php sql injection
First Time appeared | | Codeastro; Codeastro student Attendance Management System
Weaknesses | | CWE-74; CWE-89
CPEs | | cpe:2.3:h:codeastro:student_attendance_management_system:*:*:*:*:*:*:*:*
Vendors & Products | | Codeastro; Codeastro student Attendance Management System
References | |
Metrics | | cvssV2_0: {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0: {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV3_1: {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-08T19:45:11.161Z

Reserved: 2026-06-08T12:05:39.652Z

Link: CVE-2026-11585

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-08T21:16:28.177

Modified: 2026-06-08T21:16:28.177

Link: CVE-2026-11585

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-08T21:30:06Z

Weaknesses