CVE-2026-6010: SQL Injection in CodeAstro Online Classroom
A security flaw has been discovered in CodeAstro Online Classroom 1.0/2.php. Affected by this vulnerability is an unknown functionality of the file /OnlineClassroom/takeassessment2.php?exid=14. Performing a manipulation of the argument Q1 results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.
AI Analysis
Technical Summary
This vulnerability involves an SQL injection in CodeAstro Online Classroom 1.0 and 2.php versions, affecting the /OnlineClassroom/takeassessment2.php endpoint via the Q1 parameter. An attacker can remotely exploit this flaw by manipulating the Q1 argument to inject malicious SQL code. The CVSS 4.0 base score is 5.3, indicating medium severity with network attack vector, low attack complexity, and no user interaction required. The vulnerability has been publicly disclosed with exploit code available, but no official patch or fix has been provided by the vendor as of the published date.
Potential Impact
Successful exploitation of this SQL injection vulnerability can allow an attacker to execute arbitrary SQL commands on the backend database. This may lead to unauthorized data access, data modification, or other database-related impacts depending on the application's database privileges and configuration. Given the medium CVSS score and public exploit availability, the risk of exploitation is notable but not critical.
Mitigation Recommendations
No official patch or remediation is currently available from the vendor. Users should monitor the vendor's advisory channels for updates. In the meantime, applying web application firewall (WAF) rules to detect and block SQL injection attempts targeting the Q1 parameter may reduce risk. Avoid exposing the vulnerable endpoint publicly if possible until a fix is released.
CVE-2026-6010: SQL Injection in CodeAstro Online Classroom
Description
A security flaw has been discovered in CodeAstro Online Classroom 1.0/2.php. Affected by this vulnerability is an unknown functionality of the file /OnlineClassroom/takeassessment2.php?exid=14. Performing a manipulation of the argument Q1 results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves an SQL injection in CodeAstro Online Classroom 1.0 and 2.php versions, affecting the /OnlineClassroom/takeassessment2.php endpoint via the Q1 parameter. An attacker can remotely exploit this flaw by manipulating the Q1 argument to inject malicious SQL code. The CVSS 4.0 base score is 5.3, indicating medium severity with network attack vector, low attack complexity, and no user interaction required. The vulnerability has been publicly disclosed with exploit code available, but no official patch or fix has been provided by the vendor as of the published date.
Potential Impact
Successful exploitation of this SQL injection vulnerability can allow an attacker to execute arbitrary SQL commands on the backend database. This may lead to unauthorized data access, data modification, or other database-related impacts depending on the application's database privileges and configuration. Given the medium CVSS score and public exploit availability, the risk of exploitation is notable but not critical.
Mitigation Recommendations
No official patch or remediation is currently available from the vendor. Users should monitor the vendor's advisory channels for updates. In the meantime, applying web application firewall (WAF) rules to detect and block SQL injection attempts targeting the Q1 parameter may reduce risk. Avoid exposing the vulnerable endpoint publicly if possible until a fix is released.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-04-09T14:21:42.076Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d873981cc7ad14da5fb260
Added to database: 4/10/2026, 3:50:48 AM
Last enriched: 4/17/2026, 11:51:04 AM
Last updated: 5/25/2026, 7:25:42 AM
Views: 69
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.