Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
CodeAstro Online Classroom: SQL Injection Vulnerability Exposes User Data
CVE-2026-6010
Summary
An attacker can exploit a flaw in CodeAstro Online Classroom to access sensitive information. This could happen if a malicious user manipulates certain input fields. To protect your data, update to the latest version of the software or consider alternative solutions.
Original title
A security flaw has been discovered in CodeAstro Online Classroom 1.0/2.php. Affected by this vulnerability is an unknown functionality of the file /OnlineClassroom/takeassessment2.php?exid=14. Per...
Original description
A security flaw has been discovered in CodeAstro Online Classroom 1.0/2.php. Affected by this vulnerability is an unknown functionality of the file /OnlineClassroom/takeassessment2.php?exid=14. Performing a manipulation of the argument Q1 results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.
nvd CVSS2.0
6.5
nvd CVSS3.1
6.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-74
Injection
CWE-89
SQL Injection
Published: 10 Apr 2026 · Updated: 10 Apr 2026 · First seen: 10 Apr 2026