CVE-2026-5579

MEDIUM

CodeAstro Online Classroom Parameter updatedetailsfromfaculty.php sql injection

Title source: cna
STIX 2.1

Description

A vulnerability was determined in CodeAstro Online Classroom 1.0. This issue affects some unknown processing of the file /OnlineClassroom/updatedetailsfromfaculty.php?myfid=108 of the component Parameter Handler. Executing a manipulation of the argument fname can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.

References (5)

Scores

CVSS v3 6.3
EPSS 0.0001
EPSS Percentile 1.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-74 CWE-89
Status published
Products (1)
CodeAstro/Online Classroom 1.0
Published Apr 05, 2026
Tracked Since Apr 05, 2026