PatchSiren cyber security CVE debrief
CVE-2026-11583 CodeAstro CVE debrief
A SQL injection vulnerability has been identified in CodeAstro Student Attendance Management System 1.0. The vulnerability affects an unknown function of the file `/attendance-php/Admin/createClass.php`. The manipulation of the argument `className` leads to SQL injection. This vulnerability can be exploited remotely.
- Vendor
- CodeAstro
- Product
- Student Attendance Management System
- CVSS
- LOW 2.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-09
Who should care
Administrators and users of CodeAstro Student Attendance Management System 1.0 should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability has a CVSS score of 2.1 and a severity of LOW. The CVSS vector is `CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X`.
Defensive priority
LOW
Recommended defensive actions
- Update to the latest version of CodeAstro Student Attendance Management System, if available.
- Implement input validation and sanitization for user input.
- Use prepared statements with parameterized queries to prevent SQL injection.
Evidence notes
The vulnerability was disclosed publicly and may be used for exploitation.
Official resources
CVE-2026-11583 was published on 2026-06-08T20:16:59.990Z and modified on 2026-06-09T01:32:36.950Z.