CVE-2026-5580 - Vulnerability Details

- CodeAstro Online Classroom Parameter addvideos.php sql injection

Description

A vulnerability was identified in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/addvideos.php of the component Parameter Handler. The manipulation of the argument videotitle leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

Published: 2026-04-05

Score: 5.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability occurs in CodeAstro Online Classroom 1.0 within the addvideos.php file, where an attacker can manipulate the videotitle parameter to inject arbitrary SQL statements. This allows the execution of unauthorized database queries, potentially exposing, modifying, or deleting data. The weakness is an SQL injection, identified as CWE-74 and CWE-89, and it affects the confidentiality and integrity of stored information.

Affected Systems

The vulnerability affects the CodeAstro Online Classroom product; the affected version is 1.0. No other versions or components are listed as vulnerable in the public advisory.

Risk and Exploitability

The CVSS score of 5.3 classifies the issue as medium severity. Public exploits are available, and the attack can be performed remotely by supplying a crafted videotitle value to addvideos.php. The lack of an EPSS score makes precise probability assessment difficult, but the presence of known exploits indicates a realistic threat. The vulnerability is not listed in the CISA KEV catalog, but its remote exploitation potential warrants urgent attention.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

CodeAstro

Online Classroom

affected

Version	Status	Constraints
`1.0`	affected	—

No data.

Vendor Product Confidence Versions

Codeastro

Online Classroom

100%

Version	Status	Scheme	Platform
`1.0`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Verify that your deployment uses CodeAstro Online Classroom 1.0 and that addvideos.php is accessible.
Apply any available vendor patch or upgrade to a version that fixes the SQL injection.
If no patch is available, temporarily disable or remove direct access to addvideos.php or restrict the functionality until a fix can be applied.
Implement input validation or refactor the code to use parameterized queries for the videotitle parameter.
Deploy a web application firewall rule that blocks typical SQL injection payload patterns on the videotitle parameter.
Monitor application logs for suspicious activity targeting addvideos.php.

Generated by OpenCVE AI on April 5, 2026 at 19:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00011.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://codeastro.com/
https://github.com/zgr0508/cve/issues/3
https://vuldb.com/submit/783753
https://vuldb.com/vuln/355350
https://vuldb.com/vuln/355350/cti

History

Tue, 07 Apr 2026 07:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 07 Apr 2026 00:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Codeastro Codeastro online Classroom
Vendors & Products		Codeastro Codeastro online Classroom

Sun, 05 Apr 2026 17:00:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was identified in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/addvideos.php of the component Parameter Handler. The manipulation of the argument videotitle leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
Title		CodeAstro Online Classroom Parameter addvideos.php sql injection
Weaknesses		CWE-74 CWE-89
References		https://codeastro.com/ https://github.com/zgr0508/cve/issues/3 https://vuldb.com/submit/783753 https://vuldb.com/vuln/355350 https://vuldb.com/vuln/355350/cti
Metrics		cvssV2_0 `{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Codeastro Online Classroom

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-04-05T16:15:11.717Z

Updated: 2026-04-07T02:54:41.665Z

Reserved: 2026-04-04T15:01:58.435Z

Link: CVE-2026-5580

Vulnrichment

Updated: 2026-04-07T02:54:37.731Z

NVD

Status : Awaiting Analysis

Published: 2026-04-05T17:16:57.237

Modified: 2026-04-07T13:20:35.010

Link: CVE-2026-5580

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-06T21:56:31Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object