This vulnerability involves an SQL injection flaw (CWE-89) in the username parameter of the index.php file in CodeAstro Simple Attendance Management System v1.0. An attacker can remotely and without authentication manipulate SQL queries to bypass authentication controls, potentially gaining unauthorized access. The CVSS 3.1 base score is 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting network attack vector, low attack complexity, no privileges or user interaction required, and full impact on confidentiality, integrity, and availability.

Successful exploitation allows an unauthenticated remote attacker to bypass authentication mechanisms, leading to full system compromise including unauthorized data access, modification, and potential service disruption.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, it is recommended to restrict access to the affected system and monitor for suspicious activity related to SQL injection attempts targeting the username parameter.