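A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of the file /attendance-php/Admin/createClassArms.php. Manipulation of the argument classId causes SQL injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The CVSS 3.1 vector in this record (PR:L) indicates that a low-privileged authenticated account is required, and none of the listed references is tagged as a patch or vendor advisory.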
CodeAstro Student Attendance Management System createClassArms.php sql injection
Problem type
Affected products
CodeAstro
1.0 - AFFECTED
References
https://vuldb.com/vuln/369182
https://vuldb.com/vuln/369182/cti
https://vuldb.com/cve/CVE-2026-11585
https://vuldb.com/submit/836800
https://github.com/Andelstander/cve/issues/10
https://codeastro.com/
GitHub Security Advisories
GHSA-vwqr-rw8h-65xr
A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is...
https://github.com/advisories/GHSA-vwqr-rw8h-65xr
A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of the file /attendance-php/Admin/createClassArms.php. Manipulation of the argument classId causes SQL injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
https://nvd.nist.gov/vuln/detail/CVE-2026-11585
https://github.com/Andelstander/cve/issues/10
https://codeastro.com
https://vuldb.com/cve/CVE-2026-11585
https://vuldb.com/submit/836800
https://vuldb.com/vuln/369182
https://vuldb.com/vuln/369182/cti
https://github.com/advisories/GHSA-vwqr-rw8h-65xr
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-11585
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-11585",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"dateUpdated": "2026-06-08T19:45:11.161Z",
"dateReserved": "2026-06-08T12:05:39.652Z",
"datePublished": "2026-06-08T19:45:11.161Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2026-06-08T19:45:11.161Z"
},
"title": "CodeAstro Student Attendance Management System createClassArms.php sql injection",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of the file /attendance-php/Admin/createClassArms.php. This manipulation of the argument classId causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized."
}
],
"affected": [
{
"vendor": "CodeAstro",
"product": "Student Attendance Management System",
"cpes": [
"cpe:2.3:h:codeastro:student_attendance_management_system:*:*:*:*:*:*:*:*"
],
"versions": [
{
"version": "1.0",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "SQL Injection",
"cweId": "CWE-89",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"lang": "en",
"description": "Injection",
"cweId": "CWE-74",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/vuln/369182",
"name": "VDB-369182 | CodeAstro Student Attendance Management System createClassArms.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
]
},
{
"url": "https://vuldb.com/vuln/369182/cti",
"name": "VDB-369182 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://vuldb.com/cve/CVE-2026-11585",
"name": "CVE-2026-11585 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://vuldb.com/submit/836800",
"name": "Submit #836800 | codeastro Student Attendance Management System V1.0 SQL Injection",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://github.com/Andelstander/cve/issues/10",
"tags": [
"exploit",
"issue-tracking"
]
},
{
"url": "https://codeastro.com/",
"tags": [
"product"
]
}
],
"metrics": [
{},
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
}
},
{
"cvssV3_0": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
}
},
{
"cvssV2_0": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"baseScore": 6.5
}
}
],
"timeline": [
{
"time": "2026-06-08T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2026-06-08T02:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2026-06-08T14:10:53.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "SchneiderGrace (VulDB User)",
"type": "reporter"
}
]
}
}
}