CVE-2026-11585
MediumCVSS 6.3Summary
A vulnerability was identified in CodeAstro Student Attendance Management System version 1.0. Manipulation of the classId argument in the file /attendance-php/Admin/createClassArms.php leads to SQL injection, which can be initiated remotely.
Risk Assessment
An attacker could exploit this vulnerability to gain control over the database, potentially leading to the exposure of sensitive information or data modification.
Recommendation
It is recommended to update the system to the latest version and implement input data filtering to prevent SQL injection.
Original NVD description (English source)
A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of the file /attendance-php/Admin/createClassArms.php. This manipulation of the argument classId causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.

