PatchSiren cyber security CVE debrief
CVE-2026-11585 CodeAstro CVE debrief
A SQL injection vulnerability was discovered in CodeAstro Student Attendance Management System 1.0. The vulnerability affects an unknown function of the file `/attendance-php/Admin/createClassArms.php`. The manipulation of the `classId` argument causes SQL injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
- Vendor
- CodeAstro
- Product
- Student Attendance Management System
- CVSS
- LOW 2.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-09
Who should care
Administrators and users of CodeAstro Student Attendance Management System 1.0 should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability has a CVSS score of 2.1 and a severity of LOW. It is classified under CWE-74 and CWE-89.
Defensive priority
LOW
Recommended defensive actions
- Update to the latest version of CodeAstro Student Attendance Management System, if available.
- Implement input validation and sanitization for the `classId` argument.
- Use prepared statements to prevent SQL injection attacks.
Evidence notes
The vulnerability was reported by an unknown vendor and has a low confidence level.
Official resources
CVE-2026-11585 was published on 2026-06-08T21:16:28.177Z and modified on 2026-06-09T01:32:36.950Z.