← Back
2026-05-04 7:30CVE-2026-7744VulDB
PUBLISHED5.2CWE-89CWE-74

CodeAstro Online Classroom addnewstudent sql injection

A vulnerability was found in CodeAstro Online Classroom 1.0. This affects an unknown function of the file /OnlineClassroom/addnewstudent. The manipulation of the argument fname results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used.

Problem type

Affected products

CodeAstro

Online Classroom

1.0 - AFFECTED

References

VDB-360919 | CodeAstro Online Classroom addnewstudent sql injection

https://vuldb.com/vuln/360919

vdb-entrytechnical-description
VDB-360919 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/360919/cti

signaturepermissions-required
Submit #807696 | codeastro Online Classroom V1.0 SQL Injection

https://vuldb.com/submit/807696

third-party-advisory
github.com

https://github.com/yuji0903/silver-guide/issues/21

exploitissue-tracking
codeastro.com

https://codeastro.com/

product

GitHub Security Advisories

GHSA-j2h5-84gm-pwv2

A vulnerability was found in CodeAstro Online Classroom 1.0. This affects an unknown function of...

https://github.com/advisories/GHSA-j2h5-84gm-pwv2

A vulnerability was found in CodeAstro Online Classroom 1.0. This affects an unknown function of the file /OnlineClassroom/addnewstudent. The manipulation of the argument fname results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used.

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2026-7744

github.com

https://github.com/yuji0903/silver-guide/issues/21

codeastro.com

https://codeastro.com

vuldb.com

https://vuldb.com/submit/807696

vuldb.com

https://vuldb.com/vuln/360919

vuldb.com

https://vuldb.com/vuln/360919/cti

github.com

https://github.com/advisories/GHSA-j2h5-84gm-pwv2

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-7744
Click to expand
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-7744",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-05-04T07:30:13.668Z",
    "dateReserved": "2026-05-03T17:16:12.746Z",
    "datePublished": "2026-05-04T07:30:13.668Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-05-04T07:30:13.668Z"
      },
      "title": "CodeAstro Online Classroom addnewstudent sql injection",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in CodeAstro Online Classroom 1.0. This affects an unknown function of the file /OnlineClassroom/addnewstudent. The manipulation of the argument fname results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used."
        }
      ],
      "affected": [
        {
          "vendor": "CodeAstro",
          "product": "Online Classroom",
          "versions": [
            {
              "version": "1.0",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "SQL Injection",
              "cweId": "CWE-89",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Injection",
              "cweId": "CWE-74",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/vuln/360919",
          "name": "VDB-360919 | CodeAstro Online Classroom addnewstudent sql injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/vuln/360919/cti",
          "name": "VDB-360919 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/submit/807696",
          "name": "Submit #807696 | codeastro  Online Classroom V1.0 SQL Injection",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://github.com/yuji0903/silver-guide/issues/21",
          "tags": [
            "exploit",
            "issue-tracking"
          ]
        },
        {
          "url": "https://codeastro.com/",
          "tags": [
            "product"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "baseScore": 6.5
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-05-03T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-05-03T02:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-05-03T19:21:32.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "yu_ji (VulDB User)",
          "type": "reporter"
        }
      ]
    }
  }
}