CVE-2026-6010

MEDIUM

CodeAstro Online Classroom takeassessment2.php sql injection

Title source: cna

Description

A security flaw has been discovered in CodeAstro Online Classroom 1.0/2.php. Affected by this vulnerability is an unknown functionality of the file /OnlineClassroom/takeassessment2.php?exid=14. Performing a manipulation of the argument Q1 results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.

References (5)

Scores

CVSS v3 6.3
EPSS 0.0003
EPSS Percentile 9.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE
CWE-74 CWE-89
Status published
Products (2)
CodeAstro/Online Classroom 1.0
CodeAstro/Online Classroom 2.php
Published Apr 10, 2026
Tracked Since Apr 10, 2026