Description
A vulnerability has been found in CodeAstro Online Classroom 1.0. The impacted element is an unknown function of the file /OnlineClassroom/studentdetails. Manipulation of the argument deleteid leads to SQL injection. The attack can be carried out remotely. The exploit has been disclosed to the public and may be used.
Published: 2026-05-04
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An unknown function in the /OnlineClassroom/studentdetails endpoint accepts a deleteid argument that is not properly sanitized, allowing an attacker to inject arbitrary SQL statements. The vulnerability is a classic SQL injection flaw (CWE-74, CWE-89) and can be triggered remotely via HTTP requests. Abuse of this flaw can lead to unauthorized read or modification of database contents, potentially exposing sensitive student records and classroom data.

Affected Systems

CodeAstro Online Classroom version 1.0 is known to be impacted.

Risk and Exploitability

The CVSS score of 5.3 indicates medium severity, and the exploit has already been disclosed publicly. While no EPSS score is available and the vulnerability is not listed in the CISA KEV catalog, the remote attack vector and the presence of a public exploit suggest that the risk of exploitation in the wild is non‑negligible. Administrators should evaluate current exposure and consider how the flaw could affect confidentiality, integrity, and availability of the application data.

Generated by OpenCVE AI on May 4, 2026 at 08:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor‑released patch for CodeAstro Online Classroom as soon as it becomes available.
  • Implement strict input validation on the deleteid parameter, ensuring only numeric identifiers are accepted before the value is used in a SQL query.
  • Refactor database access to use parameterized statements or prepared queries, thereby removing direct string interpolation of user input.
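
The two code-level recommendations above, shown as an added example (not code from CodeAstro or OpenCVE). This record does not give the application's language or schema, so Python with an in-memory SQLite table is assumed; the students table, its rows and all function names are hypothetical.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for the student records."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO students VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "carol")])
    return db


def delete_student_unsafe(db, deleteid):
    # Weak pattern: the request value is concatenated into the SQL text,
    # so the database parses it as part of the statement.
    db.execute("DELETE FROM students WHERE id = " + deleteid)


def parse_deleteid(raw):
    """Accept only a short run of ASCII digits; reject everything else."""
    if (not isinstance(raw, str) or not raw.isascii()
            or not raw.isdigit() or len(raw) > 9):
        raise ValueError("deleteid must be a numeric identifier")
    return int(raw)


def delete_student_safe(db, deleteid):
    # Validate first, then bind the value as a parameter: the SQL text is
    # fixed and the identifier can only ever be compared against id.
    student_id = parse_deleteid(deleteid)
    cur = db.execute("DELETE FROM students WHERE id = ?", (student_id,))
    return cur.rowcount


def remaining(db):
    return db.execute("SELECT COUNT(*) FROM students").fetchone()[0]


if __name__ == "__main__":
    crafted = "2 OR 1=1"  # constructed non-numeric input
    db = make_db()
    delete_student_unsafe(db, crafted)
    print("unsafe handler, rows left:", remaining(db))
    db = make_db()
    try:
        delete_student_safe(db, crafted)
    except ValueError as exc:
        print("safe handler rejected input:", exc)
    print("safe handler, rows left:", remaining(db))
```

Validation and parameter binding are independent controls: the bound statement is safe even if the digit check is later loosened, and the digit check gives a clean rejection that can be logged.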

Advisories

No advisories yet.

History

Mon, 04 May 2026 09:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Codeastro; Codeastro online Classroom
Vendors & Products | | Codeastro; Codeastro online Classroom

Mon, 04 May 2026 07:45:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability has been found in CodeAstro Online Classroom 1.0. The impacted element is an unknown function of the file /OnlineClassroom/studentdetails. The manipulation of the argument deleteid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
Title | | CodeAstro Online Classroom studentdetails sql injection
Weaknesses | | CWE-74; CWE-89
References | |
Metrics | | cvssV2_0: {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
Metrics | | cvssV3_0: {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
Metrics | | cvssV3_1: {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
Metrics | | cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-04T07:15:10.911Z

Reserved: 2026-05-03T17:16:09.627Z

Link: CVE-2026-7743

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2026-05-04T08:16:02.847

Modified: 2026-05-04T15:17:58.710

Link: CVE-2026-7743

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-04T09:00:11Z

Weaknesses