2026-06-08 19:15 | CVE-2026-11583 | VulDB
PUBLISHED | 5.2 | Hardware | CWE-89 | CWE-74

CodeAstro Student Attendance Management System createClass.php SQL injection

A vulnerability has been found in CodeAstro Student Attendance Management System 1.0. It affects an unknown function of the file /attendance-php/Admin/createClass.php. Manipulation of the argument className leads to SQL injection. The attack can be initiated remotely; the CVSS 3.1 vector in the record below (PR:L) indicates that a low-privileged account is required. The exploit has been disclosed to the public and may be used.

Problem type

Affected products

CodeAstro

Student Attendance Management System

1.0 - AFFECTED

References

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-11583
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-11583",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-06-08T19:15:09.900Z",
    "dateReserved": "2026-06-08T12:05:34.440Z",
    "datePublished": "2026-06-08T19:15:09.900Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-06-08T19:15:09.900Z"
      },
      "title": "CodeAstro Student Attendance Management System createClass.php sql injection",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been found in CodeAstro Student Attendance Management System 1.0. This affects an unknown function of the file /attendance-php/Admin/createClass.php. The manipulation of the argument className leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
        }
      ],
      "affected": [
        {
          "vendor": "CodeAstro",
          "product": "Student Attendance Management System",
          "cpes": [
            "cpe:2.3:h:codeastro:student_attendance_management_system:*:*:*:*:*:*:*:*"
          ],
          "versions": [
            {
              "version": "1.0",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "SQL Injection",
              "cweId": "CWE-89",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Injection",
              "cweId": "CWE-74",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/vuln/369180",
          "name": "VDB-369180 | CodeAstro Student Attendance Management System createClass.php sql injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/vuln/369180/cti",
          "name": "VDB-369180 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/cve/CVE-2026-11583",
          "name": "CVE-2026-11583 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://vuldb.com/submit/836798",
          "name": "Submit #836798 | codeastro  Student Attendance Management System V1.0 SQL Injection",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://github.com/Andelstander/cve/issues/8",
          "tags": [
            "exploit",
            "issue-tracking"
          ]
        },
        {
          "url": "https://codeastro.com/",
          "tags": [
            "product"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "baseScore": 6.5
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-06-08T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-06-08T02:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-06-08T14:10:48.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "SchneiderGrace (VulDB User)",
          "type": "reporter"
        }
      ]
    }
  }
}