Description
A vulnerability was found in CodeAstro Online Classroom 1.0. This affects an unknown function of the file /OnlineClassroom/addnewstudent. The manipulation of the argument fname results in SQL injection. The attack may be performed remotely. The exploit has been made public and could be used.
Published: 2026-05-04
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw was discovered in CodeAstro Online Classroom 1.0 where manipulating the fname argument in the /OnlineClassroom/addnewstudent endpoint can trigger an SQL injection vulnerability. The injection allows an attacker to execute arbitrary SQL commands against the application’s database. This can lead to unauthorized data disclosure, modification, or deletion of student records and undermine application integrity.

Affected Systems

The affected product is CodeAstro Online Classroom version 1.0. The vulnerability resides in the addnewstudent functionality located at /OnlineClassroom/addnewstudent; the specific function within the file is not documented in the advisory.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity. An attacker can exploit the flaw remotely and the exploit has been made public, suggesting that remote users could attempt exploitation without privileged access. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog, implying that large‑scale exploitation has not yet been observed. Nonetheless, the public nature of the exploit and remote attack surface warrant timely attention.

Generated by OpenCVE AI on May 4, 2026 at 09:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update CodeAstro Online Classroom to the latest version that includes a fix for the injection flaw. If a vendor patch is available, apply it immediately.
  • If no official patch exists, modify the addnewstudent functionality to use parameterized queries or prepared statements so that fname is bound as a data value instead of being concatenated into the SQL text. In addition, restrict access to this functionality to authenticated administrative users only to minimize exposure.
  • Deploy a web application firewall rule set targeting the /OnlineClassroom/addnewstudent endpoint to detect and block SQL injection attempts on the fname parameter as an interim protection measure.

Advisories

No advisories yet.

History

Mon, 04 May 2026 08:45:00 +0000

Values added (no values removed):
  • First Time appeared: Codeastro; Codeastro online Classroom
  • Vendors & Products: Codeastro; Codeastro online Classroom

Mon, 04 May 2026 07:45:00 +0000

Values added (no values removed):
  • Description: A vulnerability was found in CodeAstro Online Classroom 1.0. This affects an unknown function of the file /OnlineClassroom/addnewstudent. The manipulation of the argument fname results in SQL injection. The attack may be performed remotely. The exploit has been made public and could be used.
  • Title: CodeAstro Online Classroom addnewstudent sql injection
  • Weaknesses: CWE-74, CWE-89
  • References
  • Metrics:
      cvssV2_0: {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
      cvssV3_0: {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
      cvssV3_1: {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
      cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-04T07:30:13.668Z

Reserved: 2026-05-03T17:16:12.746Z

Link: CVE-2026-7744

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2026-05-04T08:16:03.010

Modified: 2026-05-04T15:17:58.710

Link: CVE-2026-7744

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-05-04T09:30:42Z
