PatchSiren cyber security CVE debrief
CVE-2026-12175 CodeAstro CVE debrief
A SQL injection vulnerability was detected in CodeAstro Student Attendance Management System 1.0. The vulnerability is located in the /attendance-php/Admin/createStudents.php file, where an unknown function is impacted. By manipulating the admissionNumber argument, an attacker can inject malicious SQL code. Remote exploitation of this vulnerability is possible. The exploit is now public and may be used.
- Vendor
- CodeAstro
- Product
- Student Attendance Management System
- CVSS
- LOW 2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-13
- Original CVE updated
- 2026-06-13
- Advisory published
- 2026-06-13
- Advisory updated
- 2026-06-13
Who should care
Administrators and users of CodeAstro Student Attendance Management System 1.0 should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability has a CVSS score of 2 and a severity of LOW. It is classified under CWE-74 and CWE-89. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
LOW
Recommended defensive actions
- Update to the latest version of CodeAstro Student Attendance Management System, if available.
- Implement input validation and sanitization to prevent SQL injection attacks.
- Monitor the system for suspicious activity and implement additional security measures as needed.
Evidence notes
The vendor and product information is not confirmed, but there is a candidate reference domain 'Codeastro'.
Official resources
CVE-2026-12175 was published and modified on 2026-06-13T23:16:37.263Z.