CVE Catalog

CVE-2026-11585

MediumCVSS 6.3
Published: Updated: Translated: NVD NIST

Summary

A vulnerability was identified in CodeAstro Student Attendance Management System version 1.0. Manipulation of the classId argument in the file /attendance-php/Admin/createClassArms.php leads to SQL injection, which can be initiated remotely.

Risk Assessment

An attacker could exploit this vulnerability to gain control over the database, potentially leading to the exposure of sensitive information or data modification.

Recommendation

It is recommended to update the system to the latest version and implement input data filtering to prevent SQL injection.

Original NVD description (English source)

A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of the file /attendance-php/Admin/createClassArms.php. This manipulation of the argument classId causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS