CVE-2026-6033

MEDIUM

CodeAstro Online Classroom updatedetailsfromstudent.php sql injection

Title source: cna

Description

A vulnerability was determined in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /updatedetailsfromstudent.php?eno=146891650. Executing a manipulation of the argument fname can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.

References (5)

Scores

CVSS v3 6.3
EPSS 0.0003
EPSS Percentile 9.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE
CWE-74 CWE-89
Status published
Products (1)
CodeAstro/Online Classroom 1.0
Published Apr 10, 2026
Tracked Since Apr 10, 2026