Hackint

**Name of the Vulnerable Software and Affected Versions** CodeAstro Online Classroom version 1.0 **Description** A remote SQL injection exists in the `/guestdetails` file. The issue occurs when the `deleteid` argument is manipulated, allowing an attacker to execute arbitrary SQL commands. **Recommendations** As a temporary workaround, restrict access to the `/guestdetails` file or avoid using the `deleteid` parameter until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions CodeAstro Online Classroom versions 1.0/2.php Description A security flaw exists in CodeAstro Online Classroom 1.0/2.php, specifically within the file /OnlineClassroom/takeassessment2.php?exid=14. Manipulation of the `Q1` argument leads to a SQL injection. Remote exploitation is possible. The exploit has been publicly released. Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the /OnlineClassroom/takeassessment2.php?exid=14 file.