CVE-2026-5578

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions CodeAstro Online Classroom version 1.0

Description A flaw exists in CodeAstro Online Classroom 1.0 that allows for SQL injection. The issue is located in the /OnlineClassroom/addassessment.php file within the Parameter Handler component. Manipulation of the deleteid argument can lead to successful exploitation. The exploit has been publicly disclosed and could be used for remote attacks.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the /OnlineClassroom/addassessment.php file.

Exploit

Fix

SQL injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89CWE-74

Related Identifiers

CVE-2026-5578

Affected Products

Codeastro Online Classroom

CVE-2026-5578

Weakness Enumeration

Related Identifiers

Affected Products

References · 8