Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
179 vulnerabilities by CodeAstro
CVE-2026-12175 (GCVE-0-2026-12175)
Vulnerability from cvelistv5 – Published: 2026-06-13 22:45 – Updated: 2026-06-15 10:38
VLAI
Title
CodeAstro Student Attendance Management System createStudents.php sql injection
Summary
A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of the argument admissionNumber results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/370816 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/370816/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-12175 | third-party-advisory |
| https://vuldb.com/submit/837214 | third-party-advisory |
| https://github.com/fgvcbv/cve/issues/1 | exploitissue-tracking |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Student Attendance Management System |
Affected:
1.0
cpe:2.3:h:codeastro:student_attendance_management_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12175",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-15T10:38:11.710267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T10:38:29.412Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:codeastro:student_attendance_management_system:*:*:*:*:*:*:*:*"
],
"product": "Student Attendance Management System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "claudefans (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of the argument admissionNumber results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-13T22:45:06.442Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-370816 | CodeAstro Student Attendance Management System createStudents.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/370816"
},
{
"name": "VDB-370816 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/370816/cti"
},
{
"name": "CVE-2026-12175 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-12175"
},
{
"name": "Submit #837214 | codeastro Student Attendance Management System V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/837214"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/fgvcbv/cve/issues/1"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-13T07:43:28.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Student Attendance Management System createStudents.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-12175",
"datePublished": "2026-06-13T22:45:06.442Z",
"dateReserved": "2026-06-13T05:38:23.514Z",
"dateUpdated": "2026-06-15T10:38:29.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12131 (GCVE-0-2026-12131)
Vulnerability from cvelistv5 – Published: 2026-06-12 21:15 – Updated: 2026-06-15 13:00
VLAI
Title
CodeAstro Human Resource Management System Payroll Invoice Payroll.php sql injection
Summary
A weakness has been identified in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function Invoice of the file \application\controllers\Payroll.php of the component Payroll Invoice Module. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/370616 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/370616/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-12131 | third-party-advisory |
| https://vuldb.com/submit/837207 | third-party-advisory |
| https://github.com/ashikmd0507/CVE/tree/main/SQL-… | exploit |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Human Resource Management System |
Affected:
1.0
cpe:2.3:a:codeastro:human_resource_management_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12131",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-15T13:00:35.335885Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T13:00:46.543Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:codeastro:human_resource_management_system:*:*:*:*:*:*:*:*"
],
"modules": [
"Payroll Invoice Module"
],
"product": "Human Resource Management System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ashikmd7 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function Invoice of the file \\application\\controllers\\Payroll.php of the component Payroll Invoice Module. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T21:15:08.544Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-370616 | CodeAstro Human Resource Management System Payroll Invoice Payroll.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/370616"
},
{
"name": "VDB-370616 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/370616/cti"
},
{
"name": "CVE-2026-12131 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-12131"
},
{
"name": "Submit #837207 | CodeAstro Human Resource Management System in PHP CodeIgniter v1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/837207"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/ashikmd0507/CVE/tree/main/SQL-Injection-via-Payroll-Invoice-Module"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-12T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-12T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-12T17:26:18.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Human Resource Management System Payroll Invoice Payroll.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-12131",
"datePublished": "2026-06-12T21:15:08.544Z",
"dateReserved": "2026-06-12T15:21:07.851Z",
"dateUpdated": "2026-06-15T13:00:46.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12130 (GCVE-0-2026-12130)
Vulnerability from cvelistv5 – Published: 2026-06-12 20:45 – Updated: 2026-06-15 19:27
VLAI
Title
CodeAstro Human Resource Management System Projects Management Add_Projects cross site scripting
Summary
A security flaw has been discovered in CodeAstro Human Resource Management System 1.0. This affects an unknown part of the file /Projects/Add_Projects of the component Projects Management Page. The manipulation of the argument protitle results in cross site scripting. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/370615 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/370615/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-12130 | third-party-advisory |
| https://vuldb.com/submit/837202 | third-party-advisory |
| https://github.com/ashikmd0507/CVE/tree/main/Stor… | exploit |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Human Resource Management System |
Affected:
1.0
cpe:2.3:a:codeastro:human_resource_management_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12130",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-15T17:06:30.422384Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-15T19:27:45.612Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:codeastro:human_resource_management_system:*:*:*:*:*:*:*:*"
],
"modules": [
"Projects Management Page"
],
"product": "Human Resource Management System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ashikmd7 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in CodeAstro Human Resource Management System 1.0. This affects an unknown part of the file /Projects/Add_Projects of the component Projects Management Page. The manipulation of the argument protitle results in cross site scripting. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T20:45:08.820Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-370615 | CodeAstro Human Resource Management System Projects Management Add_Projects cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/370615"
},
{
"name": "VDB-370615 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/370615/cti"
},
{
"name": "CVE-2026-12130 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-12130"
},
{
"name": "Submit #837202 | CodeAstro Human Resource Management System in PHP CodeIgniter v1.0 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/837202"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/ashikmd0507/CVE/tree/main/Stored-XSS-via-Project-Title"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-12T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-12T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-12T17:26:15.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Human Resource Management System Projects Management Add_Projects cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-12130",
"datePublished": "2026-06-12T20:45:08.820Z",
"dateReserved": "2026-06-12T15:21:05.200Z",
"dateUpdated": "2026-06-15T19:27:45.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12129 (GCVE-0-2026-12129)
Vulnerability from cvelistv5 – Published: 2026-06-12 20:30 – Updated: 2026-06-13 03:33
VLAI
Title
CodeAstro Human Resource Management System Dashboard add_tod cross site scripting
Summary
A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/add_tod of the component Dashboard Interface. The manipulation of the argument todo_data leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and might be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/370614 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/370614/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-12129 | third-party-advisory |
| https://vuldb.com/submit/837196 | third-party-advisory |
| https://github.com/ashikmd0507/CVE/tree/main/Stor… | exploit |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Human Resource Management System |
Affected:
1.0
cpe:2.3:a:codeastro:human_resource_management_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12129",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-13T03:32:58.936557Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-13T03:33:10.926Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:codeastro:human_resource_management_system:*:*:*:*:*:*:*:*"
],
"modules": [
"Dashboard Interface"
],
"product": "Human Resource Management System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ashikmd7 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/add_tod of the component Dashboard Interface. The manipulation of the argument todo_data leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and might be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-12T20:30:09.197Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-370614 | CodeAstro Human Resource Management System Dashboard add_tod cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/370614"
},
{
"name": "VDB-370614 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/370614/cti"
},
{
"name": "CVE-2026-12129 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-12129"
},
{
"name": "Submit #837196 | CodeAstro Human Resource Management System in PHP CodeIgniter v1.0 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/837196"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/ashikmd0507/CVE/tree/main/Stored-XSS-via-TO-DO-LIST"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-12T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-12T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-12T17:26:12.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Human Resource Management System Dashboard add_tod cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-12129",
"datePublished": "2026-06-12T20:30:09.197Z",
"dateReserved": "2026-06-12T15:21:02.352Z",
"dateUpdated": "2026-06-13T03:33:10.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11585 (GCVE-0-2026-11585)
Vulnerability from cvelistv5 – Published: 2026-06-08 19:45 – Updated: 2026-06-09 13:29
VLAI
Title
CodeAstro Student Attendance Management System createClassArms.php sql injection
Summary
A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of the file /attendance-php/Admin/createClassArms.php. This manipulation of the argument classId causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369182 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369182/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11585 | third-party-advisory |
| https://vuldb.com/submit/836800 | third-party-advisory |
| https://github.com/Andelstander/cve/issues/10 | exploitissue-tracking |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Student Attendance Management System |
Affected:
1.0
cpe:2.3:h:codeastro:student_attendance_management_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11585",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T13:29:09.063346Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T13:29:38.829Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:codeastro:student_attendance_management_system:*:*:*:*:*:*:*:*"
],
"product": "Student Attendance Management System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "SchneiderGrace (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of the file /attendance-php/Admin/createClassArms.php. This manipulation of the argument classId causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T19:45:11.161Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369182 | CodeAstro Student Attendance Management System createClassArms.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369182"
},
{
"name": "VDB-369182 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369182/cti"
},
{
"name": "CVE-2026-11585 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11585"
},
{
"name": "Submit #836800 | codeastro Student Attendance Management System V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/836800"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/Andelstander/cve/issues/10"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-08T14:10:53.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Student Attendance Management System createClassArms.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11585",
"datePublished": "2026-06-08T19:45:11.161Z",
"dateReserved": "2026-06-08T12:05:39.652Z",
"dateUpdated": "2026-06-09T13:29:38.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11584 (GCVE-0-2026-11584)
Vulnerability from cvelistv5 – Published: 2026-06-08 19:30 – Updated: 2026-06-09 15:13
VLAI
Title
CodeAstro Student Attendance Management System createClass.php edit sql injection
Summary
A vulnerability was found in CodeAstro Student Attendance Management System 1.0. This impacts an unknown function of the file /attendance-php/Admin/createClass.php?action=edit. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369181 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369181/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11584 | third-party-advisory |
| https://vuldb.com/submit/836799 | third-party-advisory |
| https://github.com/Andelstander/cve/issues/9 | exploitissue-tracking |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Student Attendance Management System |
Affected:
1.0
cpe:2.3:h:codeastro:student_attendance_management_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11584",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T14:56:49.960669Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T15:13:47.523Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:codeastro:student_attendance_management_system:*:*:*:*:*:*:*:*"
],
"product": "Student Attendance Management System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "SchneiderGrace (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in CodeAstro Student Attendance Management System 1.0. This impacts an unknown function of the file /attendance-php/Admin/createClass.php?action=edit. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T19:30:09.822Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369181 | CodeAstro Student Attendance Management System createClass.php edit sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369181"
},
{
"name": "VDB-369181 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369181/cti"
},
{
"name": "CVE-2026-11584 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11584"
},
{
"name": "Submit #836799 | codeastro Student Attendance Management System V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/836799"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/Andelstander/cve/issues/9"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-08T14:10:51.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Student Attendance Management System createClass.php edit sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11584",
"datePublished": "2026-06-08T19:30:09.822Z",
"dateReserved": "2026-06-08T12:05:37.005Z",
"dateUpdated": "2026-06-09T15:13:47.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11583 (GCVE-0-2026-11583)
Vulnerability from cvelistv5 – Published: 2026-06-08 19:15 – Updated: 2026-06-09 15:57
VLAI
Title
CodeAstro Student Attendance Management System createClass.php sql injection
Summary
A vulnerability has been found in CodeAstro Student Attendance Management System 1.0. This affects an unknown function of the file /attendance-php/Admin/createClass.php. The manipulation of the argument className leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369180 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369180/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11583 | third-party-advisory |
| https://vuldb.com/submit/836798 | third-party-advisory |
| https://github.com/Andelstander/cve/issues/8 | exploitissue-tracking |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Student Attendance Management System |
Affected:
1.0
cpe:2.3:h:codeastro:student_attendance_management_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11583",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T15:57:03.360765Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T15:57:15.034Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:codeastro:student_attendance_management_system:*:*:*:*:*:*:*:*"
],
"product": "Student Attendance Management System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "SchneiderGrace (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in CodeAstro Student Attendance Management System 1.0. This affects an unknown function of the file /attendance-php/Admin/createClass.php. The manipulation of the argument className leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T19:15:09.900Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369180 | CodeAstro Student Attendance Management System createClass.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369180"
},
{
"name": "VDB-369180 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369180/cti"
},
{
"name": "CVE-2026-11583 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11583"
},
{
"name": "Submit #836798 | codeastro Student Attendance Management System V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/836798"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/Andelstander/cve/issues/8"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-08T14:10:48.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Student Attendance Management System createClass.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11583",
"datePublished": "2026-06-08T19:15:09.900Z",
"dateReserved": "2026-06-08T12:05:34.440Z",
"dateUpdated": "2026-06-09T15:57:15.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11582 (GCVE-0-2026-11582)
Vulnerability from cvelistv5 – Published: 2026-06-08 19:00 – Updated: 2026-06-09 12:45
VLAI
Title
CodeAstro Student Attendance Management System index.php sql injection
Summary
A flaw has been found in CodeAstro Student Attendance Management System 1.0. The impacted element is an unknown function of the file /attendance-php/index.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369179 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369179/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11582 | third-party-advisory |
| https://vuldb.com/submit/836796 | third-party-advisory |
| https://github.com/Andelstander/cve/issues/7 | exploitissue-tracking |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Student Attendance Management System |
Affected:
1.0
cpe:2.3:h:codeastro:student_attendance_management_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11582",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T12:37:02.444321Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T12:45:27.441Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:h:codeastro:student_attendance_management_system:*:*:*:*:*:*:*:*"
],
"product": "Student Attendance Management System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "SchneiderGrace (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in CodeAstro Student Attendance Management System 1.0. The impacted element is an unknown function of the file /attendance-php/index.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T19:00:12.715Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369179 | CodeAstro Student Attendance Management System index.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369179"
},
{
"name": "VDB-369179 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369179/cti"
},
{
"name": "CVE-2026-11582 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11582"
},
{
"name": "Submit #836796 | codeastro Student Attendance Management System V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/836796"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/Andelstander/cve/issues/7"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-08T14:10:45.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Student Attendance Management System index.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11582",
"datePublished": "2026-06-08T19:00:12.715Z",
"dateReserved": "2026-06-08T12:05:31.578Z",
"dateUpdated": "2026-06-09T12:45:27.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11559 (GCVE-0-2026-11559)
Vulnerability from cvelistv5 – Published: 2026-06-08 18:45 – Updated: 2026-06-09 16:09
VLAI
Title
CodeAstro Payroll System view_account.php sql injection
Summary
A vulnerability was detected in CodeAstro Payroll System 1.0. This affects an unknown function of the file /view_account.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369169 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369169/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11559 | third-party-advisory |
| https://vuldb.com/submit/836791 | third-party-advisory |
| https://github.com/Andelstander/cve/issues/1 | exploitissue-tracking |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Payroll System |
Affected:
1.0
cpe:2.3:a:codeastro:payroll_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11559",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T16:08:45.989192Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T16:09:05.280Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:codeastro:payroll_system:*:*:*:*:*:*:*:*"
],
"product": "Payroll System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "SchneiderGrace (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in CodeAstro Payroll System 1.0. This affects an unknown function of the file /view_account.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T18:45:08.127Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369169 | CodeAstro Payroll System view_account.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369169"
},
{
"name": "VDB-369169 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369169/cti"
},
{
"name": "CVE-2026-11559 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11559"
},
{
"name": "Submit #836791 | codeastro Payroll System V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/836791"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/Andelstander/cve/issues/1"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-08T08:03:34.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Payroll System view_account.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11559",
"datePublished": "2026-06-08T18:45:08.127Z",
"dateReserved": "2026-06-08T05:58:16.703Z",
"dateUpdated": "2026-06-09T16:09:05.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11558 (GCVE-0-2026-11558)
Vulnerability from cvelistv5 – Published: 2026-06-08 18:30 – Updated: 2026-06-08 19:16
VLAI
Title
CodeAstro Payroll System home_salary.php sql injection
Summary
A security vulnerability has been detected in CodeAstro Payroll System 1.0. The impacted element is an unknown function of the file /home_salary.php. The manipulation of the argument rate/salary_rate leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369168 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369168/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11558 | third-party-advisory |
| https://vuldb.com/submit/836785 | third-party-advisory |
| https://vuldb.com/submit/836790 | third-party-advisory |
| https://github.com/sl1der-fr0g/Findings/issues/1 | issue-tracking |
| https://github.com/Andelstander/cve/issues/2 | exploitissue-tracking |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Payroll System |
Affected:
1.0
cpe:2.3:a:codeastro:payroll_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11558",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-08T19:16:15.615963Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T19:16:21.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:codeastro:payroll_system:*:*:*:*:*:*:*:*"
],
"product": "Payroll System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "cshwswwsshd99 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in CodeAstro Payroll System 1.0. The impacted element is an unknown function of the file /home_salary.php. The manipulation of the argument rate/salary_rate leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T18:30:09.163Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369168 | CodeAstro Payroll System home_salary.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369168"
},
{
"name": "VDB-369168 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369168/cti"
},
{
"name": "CVE-2026-11558 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11558"
},
{
"name": "Submit #836785 | codeastro Payroll System V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/836785"
},
{
"name": "Submit #836790 | codeastro Payroll System V1.0 SQL Injection (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/836790"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/sl1der-fr0g/Findings/issues/1"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/Andelstander/cve/issues/2"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-08T08:03:18.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Payroll System home_salary.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11558",
"datePublished": "2026-06-08T18:30:09.163Z",
"dateReserved": "2026-06-08T05:58:14.336Z",
"dateUpdated": "2026-06-08T19:16:21.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11510 (GCVE-0-2026-11510)
Vulnerability from cvelistv5 – Published: 2026-06-08 11:30 – Updated: 2026-06-08 12:54
VLAI
Title
CodeAstro Leave Management System add_leave.php sql injection
Summary
A security flaw has been discovered in CodeAstro Leave Management System 1.0. This affects an unknown part of the file /admin/add_leave.php. Performing a manipulation of the argument type_of_leave results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369130 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369130/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11510 | third-party-advisory |
| https://vuldb.com/submit/836789 | third-party-advisory |
| https://github.com/Andelstander/cve/issues/3 | exploitissue-tracking |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Leave Management System |
Affected:
1.0
cpe:2.3:a:codeastro:leave_management_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11510",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-08T12:54:08.321139Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T12:54:17.684Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:codeastro:leave_management_system:*:*:*:*:*:*:*:*"
],
"product": "Leave Management System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "SchneiderGrace (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in CodeAstro Leave Management System 1.0. This affects an unknown part of the file /admin/add_leave.php. Performing a manipulation of the argument type_of_leave results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T11:30:10.281Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369130 | CodeAstro Leave Management System add_leave.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369130"
},
{
"name": "VDB-369130 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369130/cti"
},
{
"name": "CVE-2026-11510 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11510"
},
{
"name": "Submit #836789 | codeastro Leave Management System V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/836789"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/Andelstander/cve/issues/3"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-07T16:13:57.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Leave Management System add_leave.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11510",
"datePublished": "2026-06-08T11:30:10.281Z",
"dateReserved": "2026-06-07T14:08:42.498Z",
"dateUpdated": "2026-06-08T12:54:17.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11509 (GCVE-0-2026-11509)
Vulnerability from cvelistv5 – Published: 2026-06-08 11:15 – Updated: 2026-06-08 16:22
VLAI
Title
CodeAstro Leave Management System search_staff_for_updation.php sql injection
Summary
A vulnerability was identified in CodeAstro Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/search_staff_for_updation.php. Such manipulation of the argument Name leads to sql injection. The attack may be performed from remote.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369129 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369129/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11509 | third-party-advisory |
| https://vuldb.com/submit/836788 | third-party-advisory |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Leave Management System |
Affected:
1.0
cpe:2.3:a:codeastro:leave_management_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11509",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-08T12:45:30.541001Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T16:22:16.305Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:codeastro:leave_management_system:*:*:*:*:*:*:*:*"
],
"product": "Leave Management System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "SchneiderGrace (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB Vulnerability Moderation Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in CodeAstro Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/search_staff_for_updation.php. Such manipulation of the argument Name leads to sql injection. The attack may be performed from remote."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:X",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:ND",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T11:15:08.163Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369129 | CodeAstro Leave Management System search_staff_for_updation.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369129"
},
{
"name": "VDB-369129 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369129/cti"
},
{
"name": "CVE-2026-11509 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11509"
},
{
"name": "Submit #836788 | codeastro Leave Management System V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/836788"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-07T16:13:54.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Leave Management System search_staff_for_updation.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11509",
"datePublished": "2026-06-08T11:15:08.163Z",
"dateReserved": "2026-06-07T14:08:39.813Z",
"dateUpdated": "2026-06-08T16:22:16.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11508 (GCVE-0-2026-11508)
Vulnerability from cvelistv5 – Published: 2026-06-08 11:00 – Updated: 2026-06-09 15:16
VLAI
Title
CodeAstro Leave Management System search_staff_to_assign_pc.php sql injection
Summary
A vulnerability was determined in CodeAstro Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/search_staff_to_assign_pc.php. This manipulation of the argument Name causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369128 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369128/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11508 | third-party-advisory |
| https://vuldb.com/submit/836786 | third-party-advisory |
| https://github.com/Andelstander/cve/issues/6 | exploitissue-tracking |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Leave Management System |
Affected:
1.0
cpe:2.3:a:codeastro:leave_management_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11508",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T14:54:22.216870Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T15:16:36.869Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:codeastro:leave_management_system:*:*:*:*:*:*:*:*"
],
"product": "Leave Management System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "SchneiderGrace (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in CodeAstro Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/search_staff_to_assign_pc.php. This manipulation of the argument Name causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T11:00:14.109Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369128 | CodeAstro Leave Management System search_staff_to_assign_pc.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369128"
},
{
"name": "VDB-369128 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369128/cti"
},
{
"name": "CVE-2026-11508 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11508"
},
{
"name": "Submit #836786 | codeastro Leave Management System V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/836786"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/Andelstander/cve/issues/6"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-07T16:13:52.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Leave Management System search_staff_to_assign_pc.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11508",
"datePublished": "2026-06-08T11:00:14.109Z",
"dateReserved": "2026-06-07T14:08:36.953Z",
"dateUpdated": "2026-06-09T15:16:36.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11507 (GCVE-0-2026-11507)
Vulnerability from cvelistv5 – Published: 2026-06-08 10:45 – Updated: 2026-06-08 13:59
VLAI
Title
CodeAstro Leave Management System delete_leave_type.php sql injection
Summary
A vulnerability was found in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /admin/delete_leave_type.php. The manipulation of the argument leave_type results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369127 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369127/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11507 | third-party-advisory |
| https://vuldb.com/submit/835732 | third-party-advisory |
| https://github.com/jimages/PoC/issues/2 | exploitissue-tracking |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Leave Management System |
Affected:
1.0
cpe:2.3:a:codeastro:leave_management_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11507",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-08T13:59:16.983848Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T13:59:30.840Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:codeastro:leave_management_system:*:*:*:*:*:*:*:*"
],
"product": "Leave Management System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "jimages123 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /admin/delete_leave_type.php. The manipulation of the argument leave_type results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T10:45:09.207Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369127 | CodeAstro Leave Management System delete_leave_type.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369127"
},
{
"name": "VDB-369127 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369127/cti"
},
{
"name": "CVE-2026-11507 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11507"
},
{
"name": "Submit #835732 | codeastro Leave Management System V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/835732"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/jimages/PoC/issues/2"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-07T16:13:49.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Leave Management System delete_leave_type.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11507",
"datePublished": "2026-06-08T10:45:09.207Z",
"dateReserved": "2026-06-07T14:08:34.386Z",
"dateUpdated": "2026-06-08T13:59:30.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11506 (GCVE-0-2026-11506)
Vulnerability from cvelistv5 – Published: 2026-06-08 10:30 – Updated: 2026-06-09 15:40
VLAI
Title
CodeAstro Leave Management System search_staff_for_deletion.php sql injection
Summary
A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/search_staff_for_deletion.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369126 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369126/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11506 | third-party-advisory |
| https://vuldb.com/submit/835731 | third-party-advisory |
| https://github.com/jimages/PoC/issues/1 | exploitissue-tracking |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Leave Management System |
Affected:
1.0
cpe:2.3:a:codeastro:leave_management_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11506",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T15:40:45.428178Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T15:40:58.426Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:codeastro:leave_management_system:*:*:*:*:*:*:*:*"
],
"product": "Leave Management System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "jimages123 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/search_staff_for_deletion.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T10:30:11.488Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369126 | CodeAstro Leave Management System search_staff_for_deletion.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369126"
},
{
"name": "VDB-369126 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369126/cti"
},
{
"name": "CVE-2026-11506 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11506"
},
{
"name": "Submit #835731 | codeastro Leave Management System V1.0 sql",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/835731"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/jimages/PoC/issues/1"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-07T16:13:46.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Leave Management System search_staff_for_deletion.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11506",
"datePublished": "2026-06-08T10:30:11.488Z",
"dateReserved": "2026-06-07T14:08:31.946Z",
"dateUpdated": "2026-06-09T15:40:58.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11495 (GCVE-0-2026-11495)
Vulnerability from cvelistv5 – Published: 2026-06-08 06:15 – Updated: 2026-06-08 10:46
VLAI
Title
CodeAstro Ingredients Stock Management System add_stock.php sql injection
Summary
A vulnerability was detected in CodeAstro Ingredients Stock Management System 1.0. This impacts an unknown function of the file /Ingredients-Stock/add_stock.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369115 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369115/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11495 | third-party-advisory |
| https://vuldb.com/submit/835035 | third-party-advisory |
| https://github.com/yihaofuweng/cve/issues/66 | exploitissue-tracking |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Ingredients Stock Management System |
Affected:
1.0
cpe:2.3:a:codeastro:ingredients_stock_management_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11495",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-08T10:38:43.105775Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T10:46:45.053Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:codeastro:ingredients_stock_management_system:*:*:*:*:*:*:*:*"
],
"product": "Ingredients Stock Management System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Yangqiangfeng (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in CodeAstro Ingredients Stock Management System 1.0. This impacts an unknown function of the file /Ingredients-Stock/add_stock.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T06:15:13.214Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369115 | CodeAstro Ingredients Stock Management System add_stock.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369115"
},
{
"name": "VDB-369115 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369115/cti"
},
{
"name": "CVE-2026-11495 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11495"
},
{
"name": "Submit #835035 | codeastro Ingredients Stock Management System V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/835035"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/yihaofuweng/cve/issues/66"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-07T12:29:51.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Ingredients Stock Management System add_stock.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11495",
"datePublished": "2026-06-08T06:15:13.214Z",
"dateReserved": "2026-06-07T10:22:02.709Z",
"dateUpdated": "2026-06-08T10:46:45.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11491 (GCVE-0-2026-11491)
Vulnerability from cvelistv5 – Published: 2026-06-08 05:15 – Updated: 2026-06-08 16:32
VLAI
Title
CodeAstro Human Resource Management System Notice Board Management All_notice cross site scripting
Summary
A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function of the file /notice/All_notice of the component Notice Board Management. Such manipulation of the argument Notice Title with the input <svg onload="alert('Stored XSS Triggered by Ashik Mohamed')"> as part of POST leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369111 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369111/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11491 | third-party-advisory |
| https://vuldb.com/submit/834747 | third-party-advisory |
| https://github.com/ashikmd0507/CVE/blob/main/CVE-… | exploit |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Human Resource Management System |
Affected:
1.0
cpe:2.3:a:codeastro:human_resource_management_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11491",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-08T12:48:19.181226Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T16:32:27.215Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:codeastro:human_resource_management_system:*:*:*:*:*:*:*:*"
],
"modules": [
"Notice Board Management"
],
"product": "Human Resource Management System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ashik Mohamed"
},
{
"lang": "en",
"type": "reporter",
"value": "ashikmd7 (VulDB User)"
},
{
"lang": "en",
"type": "analyst",
"value": "ashikmd7 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function of the file /notice/All_notice of the component Notice Board Management. Such manipulation of the argument Notice Title with the input \u003csvg onload=\"alert(\u0027Stored XSS Triggered by Ashik Mohamed\u0027)\"\u003e as part of POST leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T05:15:08.023Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369111 | CodeAstro Human Resource Management System Notice Board Management All_notice cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369111"
},
{
"name": "VDB-369111 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369111/cti"
},
{
"name": "CVE-2026-11491 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11491"
},
{
"name": "Submit #834747 | CodeAstro Human Resource Management System in PHP CodeIgniter 1.0 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/834747"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/ashikmd0507/CVE/blob/main/CVE-2026-11491/README.md"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-07T00:00:00.000Z",
"value": "Vendor acknowledged"
},
{
"lang": "en",
"time": "2026-06-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-07T00:00:00.000Z",
"value": "Exploit disclosed"
},
{
"lang": "en",
"time": "2026-06-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-07T15:33:27.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Human Resource Management System Notice Board Management All_notice cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11491",
"datePublished": "2026-06-08T05:15:08.023Z",
"dateReserved": "2026-06-07T10:13:37.591Z",
"dateUpdated": "2026-06-08T16:32:27.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10286 (GCVE-0-2026-10286)
Vulnerability from cvelistv5 – Published: 2026-06-01 19:30 – Updated: 2026-06-02 15:41
VLAI
Title
CodeAstro Payroll System home_employee.php sql injection
Summary
A vulnerability was found in CodeAstro Payroll System 1.0. This affects an unknown part of the file /home_employee.php. The manipulation of the argument emp_id results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/367579 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/367579/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-10286 | third-party-advisory |
| https://vuldb.com/submit/825566 | third-party-advisory |
| https://github.com/yihaofuweng/cve/issues/65 | exploitissue-tracking |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Payroll System |
Affected:
1.0
cpe:2.3:a:codeastro:payroll_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10286",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T15:41:27.308523Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T15:41:41.554Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:codeastro:payroll_system:*:*:*:*:*:*:*:*"
],
"product": "Payroll System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Yangqiangfeng (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in CodeAstro Payroll System 1.0. This affects an unknown part of the file /home_employee.php. The manipulation of the argument emp_id results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T19:30:09.652Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-367579 | CodeAstro Payroll System home_employee.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/367579"
},
{
"name": "VDB-367579 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/367579/cti"
},
{
"name": "CVE-2026-10286 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10286"
},
{
"name": "Submit #825566 | codeastro Payroll System V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/825566"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/yihaofuweng/cve/issues/65"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-31T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-31T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-31T18:37:43.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Payroll System home_employee.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10286",
"datePublished": "2026-06-01T19:30:09.652Z",
"dateReserved": "2026-05-31T16:32:33.990Z",
"dateUpdated": "2026-06-02T15:41:41.554Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10261 (GCVE-0-2026-10261)
Vulnerability from cvelistv5 – Published: 2026-06-01 13:30 – Updated: 2026-06-01 15:23
VLAI
Title
CodeAstro Online Job Portal application_status.php sql injection
Summary
A flaw has been found in CodeAstro Online Job Portal 1.0. This affects an unknown function of the file /users/application_status.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/367541 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/367541/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-10261 | third-party-advisory |
| https://vuldb.com/submit/824874 | third-party-advisory |
| https://github.com/6Justdododo6/CVE/issues/19 | exploitissue-tracking |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Online Job Portal |
Affected:
1.0
cpe:2.3:a:codeastro:online_job_portal:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10261",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T15:17:25.821037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T15:23:04.625Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:codeastro:online_job_portal:*:*:*:*:*:*:*:*"
],
"product": "Online Job Portal",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "XuYue (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in CodeAstro Online Job Portal 1.0. This affects an unknown function of the file /users/application_status.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T13:30:09.230Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-367541 | CodeAstro Online Job Portal application_status.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/367541"
},
{
"name": "VDB-367541 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/367541/cti"
},
{
"name": "CVE-2026-10261 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10261"
},
{
"name": "Submit #824874 | CodeAstro Online Job Portal Project V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/824874"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/6Justdododo6/CVE/issues/19"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-31T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-31T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-31T14:51:13.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Online Job Portal application_status.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10261",
"datePublished": "2026-06-01T13:30:09.230Z",
"dateReserved": "2026-05-31T12:46:06.524Z",
"dateUpdated": "2026-06-01T15:23:04.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10260 (GCVE-0-2026-10260)
Vulnerability from cvelistv5 – Published: 2026-06-01 13:15 – Updated: 2026-06-01 15:03
VLAI
Title
CodeAstro Online Job Portal delete-jobs.php sql injection
Summary
A vulnerability was detected in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /admin/jobs-admins/delete-jobs.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/367540 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/367540/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-10260 | third-party-advisory |
| https://vuldb.com/submit/824873 | third-party-advisory |
| https://github.com/6Justdododo6/CVE/issues/18 | exploitissue-tracking |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Online Job Portal |
Affected:
1.0
cpe:2.3:a:codeastro:online_job_portal:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10260",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T15:03:26.688076Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T15:03:32.348Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:codeastro:online_job_portal:*:*:*:*:*:*:*:*"
],
"product": "Online Job Portal",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "XuYue (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /admin/jobs-admins/delete-jobs.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T13:15:07.555Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-367540 | CodeAstro Online Job Portal delete-jobs.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/367540"
},
{
"name": "VDB-367540 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/367540/cti"
},
{
"name": "CVE-2026-10260 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10260"
},
{
"name": "Submit #824873 | CodeAstro Online Job Portal Project V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/824873"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/6Justdododo6/CVE/issues/18"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-31T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-31T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-31T14:51:11.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Online Job Portal delete-jobs.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10260",
"datePublished": "2026-06-01T13:15:07.555Z",
"dateReserved": "2026-05-31T12:46:04.080Z",
"dateUpdated": "2026-06-01T15:03:32.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10235 (GCVE-0-2026-10235)
Vulnerability from cvelistv5 – Published: 2026-06-01 07:15 – Updated: 2026-06-01 14:53
VLAI
Title
CodeAstro Ingredients Stock Management System stock_manager.php sql injection
Summary
A flaw has been found in CodeAstro Ingredients Stock Management System 1.0. This vulnerability affects unknown code of the file /Ingredients-Stock/stock_manager.php. This manipulation of the argument txt_search_category causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/367514 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/367514/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-10235 | third-party-advisory |
| https://vuldb.com/submit/823086 | third-party-advisory |
| https://github.com/Pluto2362/CVE/issues/1 | broken-linkexploitissue-tracking |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Ingredients Stock Management System |
Affected:
1.0
cpe:2.3:a:codeastro:ingredients_stock_management_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10235",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T14:53:44.982067Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T14:53:51.711Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:codeastro:ingredients_stock_management_system:*:*:*:*:*:*:*:*"
],
"product": "Ingredients Stock Management System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Tomato0o (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in CodeAstro Ingredients Stock Management System 1.0. This vulnerability affects unknown code of the file /Ingredients-Stock/stock_manager.php. This manipulation of the argument txt_search_category causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T07:15:08.561Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-367514 | CodeAstro Ingredients Stock Management System stock_manager.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/367514"
},
{
"name": "VDB-367514 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/367514/cti"
},
{
"name": "CVE-2026-10235 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10235"
},
{
"name": "Submit #823086 | codeastro Ingredients Stock Management System V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/823086"
},
{
"tags": [
"broken-link",
"exploit",
"issue-tracking"
],
"url": "https://github.com/Pluto2362/CVE/issues/1"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-31T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-31T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-31T10:26:38.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Ingredients Stock Management System stock_manager.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10235",
"datePublished": "2026-06-01T07:15:08.561Z",
"dateReserved": "2026-05-31T08:21:34.356Z",
"dateUpdated": "2026-06-01T14:53:51.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9542 (GCVE-0-2026-9542)
Vulnerability from cvelistv5 – Published: 2026-05-26 12:00 – Updated: 2026-05-28 14:56
VLAI
Title
CodeAstro Leave Management System add_staff.php sql injection
Summary
A weakness has been identified in CodeAstro Leave Management System 1.0. The affected element is an unknown function of the file /admin/add_staff.php. Executing a manipulation of the argument email_id can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/365603 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/365603/cti | signaturepermissions-required |
| https://vuldb.com/submit/814866 | third-party-advisory |
| https://github.com/wangchaoxing/CVE/issues/8 | exploitissue-tracking |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Leave Management System |
Affected:
1.0
cpe:2.3:a:codeastro:leave_management_system:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-9542",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T14:55:47.769339Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T14:56:04.373Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:codeastro:leave_management_system:*:*:*:*:*:*:*:*"
],
"product": "Leave Management System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "wangchaoxing (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in CodeAstro Leave Management System 1.0. The affected element is an unknown function of the file /admin/add_staff.php. Executing a manipulation of the argument email_id can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-26T12:00:14.744Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-365603 | CodeAstro Leave Management System add_staff.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/365603"
},
{
"name": "VDB-365603 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/365603/cti"
},
{
"name": "Submit #814866 | codeastro Leave Management System V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/814866"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/wangchaoxing/CVE/issues/8"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-26T07:59:24.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Leave Management System add_staff.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-9542",
"datePublished": "2026-05-26T12:00:14.744Z",
"dateReserved": "2026-05-26T05:54:21.145Z",
"dateUpdated": "2026-05-28T14:56:04.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8231 (GCVE-0-2026-8231)
Vulnerability from cvelistv5 – Published: 2026-05-10 05:00 – Updated: 2026-05-11 17:31
VLAI
Title
CodeAstro Online Catering Ordering System deleteorder.php sql injection
Summary
A vulnerability has been found in CodeAstro Online Catering Ordering System 1.0. This affects an unknown function of the file /deleteorder.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/362448 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/362448/cti | signaturepermissions-required |
| https://vuldb.com/submit/808783 | third-party-advisory |
| https://github.com/yihaofuweng/cve/issues/63 | exploitissue-tracking |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Online Catering Ordering System |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8231",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-11T15:59:20.084475Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T17:31:45.858Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Online Catering Ordering System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yingxiujie (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in CodeAstro Online Catering Ordering System 1.0. This affects an unknown function of the file /deleteorder.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-10T05:00:14.951Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-362448 | CodeAstro Online Catering Ordering System deleteorder.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/362448"
},
{
"name": "VDB-362448 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/362448/cti"
},
{
"name": "Submit #808783 | codeastro Online Catering Ordering System V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/808783"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/yihaofuweng/cve/issues/63"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-09T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-09T10:02:54.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Online Catering Ordering System deleteorder.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-8231",
"datePublished": "2026-05-10T05:00:14.951Z",
"dateReserved": "2026-05-09T07:57:50.782Z",
"dateUpdated": "2026-05-11T17:31:45.858Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8132 (GCVE-0-2026-8132)
Vulnerability from cvelistv5 – Published: 2026-05-08 03:15 – Updated: 2026-05-08 20:05
VLAI
Title
CodeAstro Leave Management System login.php sql injection
Summary
A weakness has been identified in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /login.php. This manipulation of the argument txt_username causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/361922 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/361922/cti | signaturepermissions-required |
| https://vuldb.com/submit/808784 | third-party-advisory |
| https://github.com/yihaofuweng/cve/issues/64 | exploitissue-tracking |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Leave Management System |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8132",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-08T20:03:51.757627Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-08T20:05:10.452Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Leave Management System",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yingxiujie (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /login.php. This manipulation of the argument txt_username causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-08T03:15:09.496Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-361922 | CodeAstro Leave Management System login.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/361922"
},
{
"name": "VDB-361922 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/361922/cti"
},
{
"name": "Submit #808784 | codeastro Leave Management System V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/808784"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/yihaofuweng/cve/issues/64"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-07T19:34:04.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Leave Management System login.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-8132",
"datePublished": "2026-05-08T03:15:09.496Z",
"dateReserved": "2026-05-07T17:29:00.337Z",
"dateUpdated": "2026-05-08T20:05:10.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-8097 (GCVE-0-2026-8097)
Vulnerability from cvelistv5 – Published: 2026-05-07 20:15 – Updated: 2026-05-08 13:53
VLAI
Title
CodeAstro Online Classroom askquery.php sql injection
Summary
A security flaw has been discovered in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /askquery.php. The manipulation of the argument squeryx results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/361849 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/361849/cti | signaturepermissions-required |
| https://vuldb.com/submit/808115 | third-party-advisory |
| http://github.com/suze233/CVE/issues/1 | exploitissue-tracking |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Online Classroom |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-8097",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-08T13:53:19.553834Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-08T13:53:30.465Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Online Classroom",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Kun Liang (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /askquery.php. The manipulation of the argument squeryx results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T20:15:12.699Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-361849 | CodeAstro Online Classroom askquery.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/361849"
},
{
"name": "VDB-361849 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/361849/cti"
},
{
"name": "Submit #808115 | codeastro Online Classroom V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/808115"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "http://github.com/suze233/CVE/issues/1"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-07T15:21:05.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Online Classroom askquery.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-8097",
"datePublished": "2026-05-07T20:15:12.699Z",
"dateReserved": "2026-05-07T13:15:44.114Z",
"dateUpdated": "2026-05-08T13:53:30.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7745 (GCVE-0-2026-7745)
Vulnerability from cvelistv5 – Published: 2026-05-04 07:45 – Updated: 2026-05-04 12:47
VLAI
Title
CodeAstro Online Classroom facultydetails sql injection
Summary
A vulnerability was determined in CodeAstro Online Classroom 1.0. This impacts an unknown function of the file /OnlineClassroom/facultydetails. This manipulation of the argument deleteid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/360920 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/360920/cti | signaturepermissions-required |
| https://vuldb.com/submit/807697 | third-party-advisory |
| https://github.com/yuji0903/silver-guide/issues/22 | exploitissue-tracking |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Online Classroom |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7745",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-04T12:47:22.443294Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T12:47:29.054Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Online Classroom",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yu_ji (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in CodeAstro Online Classroom 1.0. This impacts an unknown function of the file /OnlineClassroom/facultydetails. This manipulation of the argument deleteid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T07:45:11.285Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-360920 | CodeAstro Online Classroom facultydetails sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/360920"
},
{
"name": "VDB-360920 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/360920/cti"
},
{
"name": "Submit #807697 | codeastro Online Classroom V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/807697"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/yuji0903/silver-guide/issues/22"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-03T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-03T19:21:35.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Online Classroom facultydetails sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7745",
"datePublished": "2026-05-04T07:45:11.285Z",
"dateReserved": "2026-05-03T17:16:15.835Z",
"dateUpdated": "2026-05-04T12:47:29.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7744 (GCVE-0-2026-7744)
Vulnerability from cvelistv5 – Published: 2026-05-04 07:30 – Updated: 2026-05-05 18:10
VLAI
Title
CodeAstro Online Classroom addnewstudent sql injection
Summary
A vulnerability was found in CodeAstro Online Classroom 1.0. This affects an unknown function of the file /OnlineClassroom/addnewstudent. The manipulation of the argument fname results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/360919 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/360919/cti | signaturepermissions-required |
| https://vuldb.com/submit/807696 | third-party-advisory |
| https://github.com/yuji0903/silver-guide/issues/21 | exploitissue-tracking |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Online Classroom |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7744",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T18:10:10.315955Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T18:10:47.678Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Online Classroom",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yu_ji (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in CodeAstro Online Classroom 1.0. This affects an unknown function of the file /OnlineClassroom/addnewstudent. The manipulation of the argument fname results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T07:30:13.668Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-360919 | CodeAstro Online Classroom addnewstudent sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/360919"
},
{
"name": "VDB-360919 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/360919/cti"
},
{
"name": "Submit #807696 | codeastro Online Classroom V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/807696"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/yuji0903/silver-guide/issues/21"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-03T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-03T19:21:32.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Online Classroom addnewstudent sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7744",
"datePublished": "2026-05-04T07:30:13.668Z",
"dateReserved": "2026-05-03T17:16:12.746Z",
"dateUpdated": "2026-05-05T18:10:47.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7743 (GCVE-0-2026-7743)
Vulnerability from cvelistv5 – Published: 2026-05-04 07:15 – Updated: 2026-05-05 00:58
VLAI
Title
CodeAstro Online Classroom studentdetails sql injection
Summary
A vulnerability has been found in CodeAstro Online Classroom 1.0. The impacted element is an unknown function of the file /OnlineClassroom/studentdetails. The manipulation of the argument deleteid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/360918 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/360918/cti | signaturepermissions-required |
| https://vuldb.com/submit/807695 | third-party-advisory |
| https://github.com/yuji0903/silver-guide/issues/20 | exploitissue-tracking |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Online Classroom |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7743",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-05T00:58:22.395350Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-05T00:58:34.519Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Online Classroom",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yu_ji (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in CodeAstro Online Classroom 1.0. The impacted element is an unknown function of the file /OnlineClassroom/studentdetails. The manipulation of the argument deleteid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T07:15:10.911Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-360918 | CodeAstro Online Classroom studentdetails sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/360918"
},
{
"name": "VDB-360918 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/360918/cti"
},
{
"name": "Submit #807695 | codeastro Online Classroom V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/807695"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/yuji0903/silver-guide/issues/20"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-03T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-03T19:21:28.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Online Classroom studentdetails sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7743",
"datePublished": "2026-05-04T07:15:10.911Z",
"dateReserved": "2026-05-03T17:16:09.627Z",
"dateUpdated": "2026-05-05T00:58:34.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7742 (GCVE-0-2026-7742)
Vulnerability from cvelistv5 – Published: 2026-05-04 07:00 – Updated: 2026-05-04 10:33
VLAI
Title
CodeAstro Online Classroom facultylogin sql injection
Summary
A flaw has been found in CodeAstro Online Classroom 1.0. The affected element is an unknown function of the file /OnlineClassroom/facultylogin. Executing a manipulation of the argument fid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/360917 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/360917/cti | signaturepermissions-required |
| https://vuldb.com/submit/807694 | third-party-advisory |
| https://github.com/yuji0903/silver-guide/issues/19 | exploitissue-tracking |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Online Classroom |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7742",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-04T10:33:03.509513Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T10:33:28.119Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Online Classroom",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yu_ji (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in CodeAstro Online Classroom 1.0. The affected element is an unknown function of the file /OnlineClassroom/facultylogin. Executing a manipulation of the argument fid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T07:00:15.853Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-360917 | CodeAstro Online Classroom facultylogin sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/360917"
},
{
"name": "VDB-360917 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/360917/cti"
},
{
"name": "Submit #807694 | codeastro Online Classroom V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/807694"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/yuji0903/silver-guide/issues/19"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-03T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-03T19:21:24.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Online Classroom facultylogin sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7742",
"datePublished": "2026-05-04T07:00:15.853Z",
"dateReserved": "2026-05-03T17:16:06.540Z",
"dateUpdated": "2026-05-04T10:33:28.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-7741 (GCVE-0-2026-7741)
Vulnerability from cvelistv5 – Published: 2026-05-04 06:45 – Updated: 2026-05-04 12:46
VLAI
Title
CodeAstro Online Classroom studentlogin sql injection
Summary
A vulnerability was detected in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/studentlogin. Performing a manipulation of the argument sid results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/360916 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/360916/cti | signaturepermissions-required |
| https://vuldb.com/submit/807692 | third-party-advisory |
| https://github.com/yuji0903/silver-guide/issues/18 | exploitissue-tracking |
| https://codeastro.com/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CodeAstro | Online Classroom |
Affected:
1.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-7741",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-04T12:46:11.898954Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T12:46:32.316Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Online Classroom",
"vendor": "CodeAstro",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "yu_ji (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/studentlogin. Performing a manipulation of the argument sid results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T06:45:11.689Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-360916 | CodeAstro Online Classroom studentlogin sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/360916"
},
{
"name": "VDB-360916 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/360916/cti"
},
{
"name": "Submit #807692 | codeastro Online Classroom V1.0 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/807692"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/yuji0903/silver-guide/issues/18"
},
{
"tags": [
"product"
],
"url": "https://codeastro.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-03T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-05-03T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-05-03T19:21:21.000Z",
"value": "VulDB entry last update"
}
],
"title": "CodeAstro Online Classroom studentlogin sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-7741",
"datePublished": "2026-05-04T06:45:11.689Z",
"dateReserved": "2026-05-03T17:16:03.209Z",
"dateUpdated": "2026-05-04T12:46:32.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}