CVE Catalog

CVE-2026-12175

MediumCVSS 4.7
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.33%

25th percentile — higher than 25% of all known CVEs

Summary

A vulnerability was detected in CodeAstro Student Attendance Management System 1.0, allowing SQL injection through manipulation of the admissionNumber argument in the /attendance-php/Admin/createStudents.php file.

Risk Assessment

Remote exploitation of this vulnerability could lead to unauthorized access to the database, posing a serious threat to the organization's data security.

Recommendation

It is recommended to immediately update the system to the latest version and implement proper input filtering and validation.

Original NVD description (English source)

A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of the argument admissionNumber results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS