PatchSiren cyber security CVE debrief
CVE-2026-11582 CodeAstro CVE debrief
A SQL injection vulnerability has been discovered in CodeAstro Student Attendance Management System 1.0. The vulnerability exists in an unknown function of the file /attendance-php/index.php and can be exploited by manipulating the Username argument. The attack can be performed remotely and has been publicly disclosed.
- Vendor
- CodeAstro
- Product
- Student Attendance Management System
- CVSS
- MEDIUM 5.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-09
Who should care
Administrators and users of CodeAstro Student Attendance Management System 1.0 should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability has a CVSS score of 5.5 and is rated as MEDIUM. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
MEDIUM
Recommended defensive actions
- Update to the latest version of CodeAstro Student Attendance Management System, if available.
- Implement input validation and sanitization to prevent SQL injection attacks.
- Monitor the system for suspicious activity and implement logging and auditing mechanisms.
Evidence notes
The vendor of the affected product is currently unknown, but evidence suggests it may be Codeastro.
Official resources
CVE-2026-11582 was published on 2026-06-08T20:16:59.780Z and modified on 2026-06-09T01:32:36.950Z.