CVE-2026-5578— CodeAstro Online Classroom SQL注入漏洞

CodeAstro Online Classroom Parameter addassessment.php sql injection

A vulnerability was found in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /OnlineClassroom/addassessment.php of the component Parameter Handler. Performing a manipulation of the argument deleteid results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

SQL命令中使用的特殊元素转义处理不恰当(SQL注入)

CodeAstro Online Classroom SQL注入漏洞

CodeAstro Online Classroom是CodeAstro公司的一个在线课堂平台。 CodeAstro Online Classroom 1.0版本存在SQL注入漏洞，该漏洞源于对文件/OnlineClassroom/addassessment.php中参数deleteid的错误操作，可能导致SQL注入攻击。

N/A

N/A