Primary

Context

CodeAstro Student Grading System SQL Injection Vulnerability

Vulnerability

A critical SQL injection vulnerability has been identified in CodeAstro Student Grading System version 1.0. The issue resides in the 'studentsubject.php' file, where the 'studentId' parameter is manipulated, allowing attackers to inject malicious SQL queries. This vulnerability can be exploited remotely and has been publicly disclosed.

Impact

Exploitation of this vulnerability allows unauthorized database access, manipulation of data, and access to sensitive information without authentication.

Reproduction

The vulnerability can be reproduced by sending a GET request to 'index.php' with the 'studentId' parameter. The request can include payloads that exploit the SQL injection, such as boolean-based blind, error-based, time-based blind, and UNION query injections.

Remediation

No specific remediation is known for this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.0

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

6.0

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

CodeAstro Student Grading System SQL Injection Vulnerability

Vulnerability

Impact

Reproduction

Remediation

Affected Products

CodeAstro Student Grading System

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating