PatchSiren cyber security CVE debrief
CVE-2026-11584 CodeAstro CVE debrief
A SQL injection vulnerability was found in CodeAstro Student Attendance Management System 1.0. The vulnerability affects an unknown function of the file /attendance-php/Admin/createClass.php?action=edit. The manipulation of the argument ID results in SQL injection. The attack can be launched remotely. The exploit has been made public and could be used.
- Vendor
- CodeAstro
- Product
- Student Attendance Management System
- CVSS
- LOW 2.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-09
Who should care
Administrators and users of CodeAstro Student Attendance Management System 1.0 should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability has a CVSS score of 2.1 and is rated as LOW. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
LOW
Recommended defensive actions
- Apply patches or updates to fix the SQL injection vulnerability.
- Use prepared statements to prevent SQL injection attacks.
- Limit database privileges to the minimum required for the application.
Evidence notes
The vulnerability was found in CodeAstro Student Attendance Management System 1.0. The vendor is listed as Unknown Vendor.
Official resources
CVE-2026-11584 was published on 2026-06-08T20:17:00.163Z and modified on 2026-06-09T01:32:36.950Z.