CVE-2026-12175
MediumCVSS 4.7Exploitation Probability (EPSS)
Low risk25th percentile — higher than 25% of all known CVEs
Summary
A vulnerability was detected in CodeAstro Student Attendance Management System 1.0, allowing SQL injection through manipulation of the admissionNumber argument in the /attendance-php/Admin/createStudents.php file.
Risk Assessment
Remote exploitation of this vulnerability could lead to unauthorized access to the database, posing a serious threat to the organization's data security.
Recommendation
It is recommended to immediately update the system to the latest version and implement proper input filtering and validation.
Original NVD description (English source)
A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of the argument admissionNumber results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

