Description
A security flaw has been discovered in CodeAstro Online Classroom 1.0. The vulnerability affects unknown code in the file /askquery.php. Manipulating the argument squeryx results in SQL injection. The attack can be performed remotely. The exploit has been released to the public and may be used for attacks.
Published: 2026-05-07
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a classic SQL injection in the /askquery.php file of CodeAstro Online Classroom 1.0, triggered by manipulating the squeryx argument. It allows an attacker to inject arbitrary SQL commands into the backend database, potentially exfiltrating, modifying, or deleting data. The flaw is categorized under CWE-74 and CWE-89, and an exploit for it has been publicly released.

Affected Systems

CodeAstro Online Classroom version 1.0 is affected. No other versions or products are listed.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, and the EPSS score is not available, suggesting uncertainty about current exploitation activity. The vulnerability is not listed in the CISA KEV catalog, but it can be exploited remotely from the public network. Attackers with access to the application can trigger the injection without authentication, making it a significant risk for any exposed instance.

Generated by OpenCVE AI on May 7, 2026 at 21:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to the latest CodeAstro version or apply the vendor’s official patch if available.
  • If a patch is not yet released, restrict or remove the squeryx functionality and apply strict input validation, using parameterized queries or stored procedures.
  • Deploy a web application firewall rule to block suspicious SQL patterns targeting the askquery.php endpoint.


Advisories

No advisories yet.

History

Fri, 08 May 2026 14:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Thu, 07 May 2026 21:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Codeastro; Codeastro online Classroom |
| Vendors & Products | | Codeastro; Codeastro online Classroom |

Thu, 07 May 2026 20:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A security flaw has been discovered in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /askquery.php. The manipulation of the argument squeryx results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. |
| Title | | CodeAstro Online Classroom askquery.php sql injection |
| Weaknesses | | CWE-74; CWE-89 |
| References | | |
| Metrics | | cvssV2_0: {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'} |
| Metrics | | cvssV3_0: {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'} |
| Metrics | | cvssV3_1: {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'} |
| Metrics | | cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'} |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-08T13:53:30.465Z

Reserved: 2026-05-07T13:15:44.114Z

Link: CVE-2026-8097

Vulnrichment

Updated: 2026-05-08T13:53:26.852Z

NVD

Status: Received

Published: 2026-05-07T21:16:30.727

Modified: 2026-05-07T21:16:30.727

Link: CVE-2026-8097

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-07T21:45:36Z

Weaknesses