Zws58

Name of the Vulnerable Software and Affected Versions CodeAstro Online Classroom version 1.0 Description A flaw exists in CodeAstro Online Classroom 1.0 that allows for SQL injection. The issue is located in the `/OnlineClassroom/addassessment.php` file within the Parameter Handler component. Manipulation of the `deleteid` argument can lead to successful exploitation. The exploit has been publicly disclosed and could be used for remote attacks. Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the `/OnlineClassroom/addassessment.php` file.

Name of the Vulnerable Software and Affected Versions CodeAstro Online Classroom version 1.0 Description A flaw exists in the processing of the `/OnlineClassroom/updatedetailsfromfaculty.php` file within the Parameter Handler component. Manipulation of the `fname` argument can lead to SQL injection, potentially allowing remote attackers to exploit the system. The exploit has been publicly disclosed. Recommendations Update to a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions CodeAstro Online Classroom version 1.0 Description A vulnerability exists in CodeAstro Online Classroom version 1.0, specifically within an unknown function of the `/OnlineClassroom/addvideos.php` file, related to the Parameter Handler component. Manipulation of the `videotitle` argument can lead to SQL injection. The attack can be initiated remotely, and the exploit is publicly available. Recommendations Update to a newer version that contains a fix for this vulnerability.