Description
A vulnerability was found in CodeAstro Online Classroom 1.0. It affects an unknown function of the file /OnlineClassroom/facultydetails. Manipulation of the argument deleteid leads to SQL injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be used.
Published: 2026-05-04
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw lies in the facultydetails module of CodeAstro Online Classroom 1.0, where the deleteid argument is incorporated into an SQL statement without proper sanitization, exemplifying CWE-74 and CWE-89 vulnerabilities. Attackers can supply malicious input to manipulate the query, allowing them to retrieve, alter, or delete database records. This class of issue can lead to data leakage and integrity compromise. Based on the description, it is inferred that the attacker could potentially access or modify data beyond the intended scope.

Affected Systems

The vulnerability affects CodeAstro’s Online Classroom product running version 1.0. No other versions are documented, and the exact module or function that processes deleteid is not identified beyond the facultydetails file path.

Risk and Exploitability

The CVSS score is 5.3, indicating a moderate risk level. No EPSS score is provided, so precise exploitation likelihood cannot be quantified, but the flaw is publicly disclosed and can be triggered remotely through crafted requests, indicating it could be abused if the target is exposed to the web. The issue is not listed in CISA's KEV catalog, so there is no current evidence of widespread exploitation. Users of v1.0 should evaluate the exposure and pursue mitigations promptly.

Generated by OpenCVE AI on May 4, 2026 at 10:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply an official CodeAstro patch or update to a version that resolves the deleteid SQL injection flaw.
  • Implement input validation and prepared statements on the deleteid parameter, ensuring that only expected numeric identifiers are accepted or the value is properly escaped before inclusion in SQL commands.
  • If an immediate fix is unavailable, restrict database privileges for the web application to the minimum required roles (e.g., read‑only where no deletion is needed) and consider deploying a web application firewall to block suspicious SQL payloads.
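
A defender-side check for the numeric-only rule above, as an added example (not CodeAstro or OpenCVE code): it scans access-log lines for requests to /OnlineClassroom/facultydetails whose deleteid is not a single plain decimal identifier. The combined log format, the 10-digit limit, the function names and the sample lines are assumptions; the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

TARGET_PATH = "/OnlineClassroom/facultydetails"  # path named in the CVE record
PARAM = "deleteid"                               # parameter named in the CVE record
NUMERIC_ID = re.compile(r"[0-9]{1,10}")          # assumed shape of a legitimate id

# Request part of a common/combined access-log line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')

def is_valid_deleteid(value):
    """True only for a bare decimal identifier (no sign, spaces or SQL syntax)."""
    return NUMERIC_ID.fullmatch(value) is not None

def suspicious_requests(log_lines):
    """Return (client_ip, decoded_values) for facultydetails requests whose
    deleteid is present but is not a single plain numeric identifier."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        # Assumption: the file may be served with an extension, so match by prefix.
        if not url.path.lower().startswith(TARGET_PATH.lower()):
            continue
        # parse_qs percent-decodes values and keeps repeated parameters.
        values = parse_qs(url.query, keep_blank_values=True).get(PARAM)
        if values is None:
            continue
        if len(values) > 1 or not all(is_valid_deleteid(v) for v in values):
            hits.append((line.split(" ", 1)[0], values))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [04/May/2026:10:00:01 +0000] "GET /OnlineClassroom/facultydetails?deleteid=14 HTTP/1.1" 302 0',
    '198.51.100.7 - - [04/May/2026:10:00:09 +0000] "GET /OnlineClassroom/facultydetails?deleteid=14%27 HTTP/1.1" 500 0',
    '198.51.100.7 - - [04/May/2026:10:00:12 +0000] "GET /OnlineClassroom/facultydetails?deleteid=3&deleteid=4 HTTP/1.1" 302 0',
    '203.0.113.5 - - [04/May/2026:10:00:20 +0000] "GET /OnlineClassroom/facultydetails HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for ip, values in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} sent non-numeric or repeated {PARAM}: {values!r}")
```

Parameters sent in a POST body do not appear in access logs, so this covers query-string requests only.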


Advisories

No advisories yet.

History

Mon, 04 May 2026 10:15:00 +0000

Values Added (no values removed):
  • First Time appeared: Codeastro, Codeastro online Classroom
  • Vendors & Products: Codeastro, Codeastro online Classroom

Mon, 04 May 2026 08:45:00 +0000

Values Added (no values removed):
  • Description: A vulnerability was determined in CodeAstro Online Classroom 1.0. This impacts an unknown function of the file /OnlineClassroom/facultydetails. This manipulation of the argument deleteid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
  • Title: CodeAstro Online Classroom facultydetails sql injection
  • Weaknesses: CWE-74, CWE-89
  • References:
  • Metrics:
      cvssV2_0: {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
      cvssV3_0: {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
      cvssV3_1: {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
      cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-04T12:47:29.054Z

Reserved: 2026-05-03T17:16:15.835Z

Link: CVE-2026-7745

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2026-05-04T09:16:00.793

Modified: 2026-05-04T15:17:58.710

Link: CVE-2026-7745

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-04T10:30:42Z

Weaknesses