Codeastro

Products by Codeastro Sorted by Most Security Vulnerabilities since 2018

Codeastro Payroll System: 3 vulnerabilities

Codeastro Online Job Portal: 2 vulnerabilities

Codeastro Car Rental System: 2 vulnerabilities

By the Year

In 2026 there have been 44 vulnerabilities in Codeastro with an average score of 6.1 out of ten. Last year, in 2025, Codeastro had 48 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Codeastro in 2026 could surpass last year's number. Last year, the average CVE base score was greater by 0.65.




Year | Vulnerabilities | Average Score
2026 | 44 | 6.12
2025 | 48 | 6.77
2024 | 45 | 7.24
2023 | 7 | 6.91
2022 | 2 | 6.05

It may take a day or so for new Codeastro vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Codeastro Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-12175 Jun 13, 2026
SQLi in CodeAstro Student Attendance Management System 1.0 createStudents.php A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of the argument admissionNumber results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.
Student Attendance Management System
CVE-2026-12131 Jun 12, 2026
CodeAstro HRMS 1.0: Payroll Invoice ID SQLi A weakness has been identified in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function Invoice of the file \application\controllers\Payroll.php of the component Payroll Invoice Module. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
Human Resource Management System
CVE-2026-12130 Jun 12, 2026
CodeAstro HRM 1.0 N: XSS via protitle on /Projects/Add_Projects A security flaw has been discovered in CodeAstro Human Resource Management System 1.0. This affects an unknown part of the file /Projects/Add_Projects of the component Projects Management Page. The manipulation of the argument protitle results in cross site scripting. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
Human Resource Management System
CVE-2026-12129 Jun 12, 2026
XSS in Dashboard Interface of CodeAstro HRMS 1.0 (before 1.1) A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/add_tod of the component Dashboard Interface. The manipulation of the argument todo_data leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and might be used.
Human Resource Management System
CVE-2026-11585 Jun 08, 2026
CVE-2026-11585 SQLi via classId in CodeAstro 1.0 Admin/createClassArms.php A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of the file /attendance-php/Admin/createClassArms.php. This manipulation of the argument classId causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
Student Attendance Management System
CVE-2026-11584 Jun 08, 2026
SQLi in CodeAstro Student Att. System 1.0 (createClass.php ID) A vulnerability was found in CodeAstro Student Attendance Management System 1.0. This impacts an unknown function of the file /attendance-php/Admin/createClass.php?action=edit. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.
Student Attendance Management System
CVE-2026-11583 Jun 08, 2026
CodeAstro Student Attendance 1.0 SQLi via className in createClass.php A vulnerability has been found in CodeAstro Student Attendance Management System 1.0. This affects an unknown function of the file /attendance-php/Admin/createClass.php. The manipulation of the argument className leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Student Attendance Management System
CVE-2026-11582 Jun 08, 2026
CodeAstro Student Attendance MS 1.0 SQLi via Username (remote) A flaw has been found in CodeAstro Student Attendance Management System 1.0. The impacted element is an unknown function of the file /attendance-php/index.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used.
Student Attendance Management System
CVE-2026-11559 Jun 08, 2026
CodeAstro Payroll System 1.0 SQLi via /view_account.php ID A vulnerability was detected in CodeAstro Payroll System 1.0. This affects an unknown function of the file /view_account.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.
Payroll System
CVE-2026-11558 Jun 08, 2026
Remote SQLi via rate/salary_rate in CodeAstro Payroll 1.0 A security vulnerability has been detected in CodeAstro Payroll System 1.0. The impacted element is an unknown function of the file /home_salary.php. The manipulation of the argument rate/salary_rate leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
Payroll System
CVE-2026-11510 Jun 08, 2026
Remote SQLi via admin/add_leave.php in CodeAstro LMT 1.0 A security flaw has been discovered in CodeAstro Leave Management System 1.0. This affects an unknown part of the file /admin/add_leave.php. Performing a manipulation of the argument type_of_leave results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
Leave Management System
CVE-2026-11509 Jun 08, 2026
CodeAstro LSM 1.0 SQLi in search_staff_for_updation.php A vulnerability was identified in CodeAstro Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/search_staff_for_updation.php. Such manipulation of the argument Name leads to sql injection. The attack may be performed from remote.
Leave Management System
CVE-2026-11508 Jun 08, 2026
CodeAstro LMS 1.0 Remote SQLi via /admin/search_staff_to_assign_pc.php A vulnerability was determined in CodeAstro Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/search_staff_to_assign_pc.php. This manipulation of the argument Name causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
Leave Management System
CVE-2026-11507 Jun 08, 2026
CodeAstro Leave Management System 1.0 - SQLi via /admin/delete_leave_type.php A vulnerability was found in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /admin/delete_leave_type.php. The manipulation of the argument leave_type results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
Leave Management System
CVE-2026-11506 Jun 08, 2026
CVE-2026-11506: SQLi in CodeAstro LeaveMgmt 1.0/admin/search_staff_for_deletion.php A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/search_staff_for_deletion.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Leave Management System
CVE-2026-11495 Jun 08, 2026
SQLi in CodeAstro Ingredients Stock Mgmt Sys 1.0 via ID in add_stock.php A vulnerability was detected in CodeAstro Ingredients Stock Management System 1.0. This impacts an unknown function of the file /Ingredients-Stock/add_stock.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.
Ingredients Stock Management System
CVE-2026-11491 Jun 08, 2026
CodeAstro HRMS 1.0 XSS Vulnerability in Notice Board Management A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function of the file /notice/All_notice of the component Notice Board Management. Such manipulation of the argument Notice Title with the input <svg onload="alert('Stored XSS Triggered by Ashik Mohamed')"> as part of POST leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
Human Resource Management System
CVE-2026-10286 Jun 01, 2026
CodeAstro Payroll System 1.0 SQLi via emp_id in /home_employee.php A vulnerability was found in CodeAstro Payroll System 1.0. This affects an unknown part of the file /home_employee.php. The manipulation of the argument emp_id results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used.
Payroll System
CVE-2026-10261 Jun 01, 2026
SQL Injection in CodeAstro Online Job Portal 1.0 /users/application_status.php A flaw has been found in CodeAstro Online Job Portal 1.0. This affects an unknown function of the file /users/application_status.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.
Online Job Portal
CVE-2026-10260 Jun 01, 2026
CodeAstro Online Job Portal 1.0 /admin/jobs-admins/delete-jobs.php ID SQLi A vulnerability was detected in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /admin/jobs-admins/delete-jobs.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
Online Job Portal
CVE-2026-10235 Jun 01, 2026
CodeAstro Ingredients Stock Mgmt Sys 1.0 SQLi via stock_manager.php A flaw has been found in CodeAstro Ingredients Stock Management System 1.0. This vulnerability affects unknown code of the file /Ingredients-Stock/stock_manager.php. This manipulation of the argument txt_search_category causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.
Ingredients Stock Management System
CVE-2026-9542 May 26, 2026
CodeAstro LMS 1.0 SQL Injection in /admin/add_staff.php via email_id A weakness has been identified in CodeAstro Leave Management System 1.0. The affected element is an unknown function of the file /admin/add_staff.php. Executing a manipulation of the argument email_id can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
Leave Management System
CVE-2026-8231 May 10, 2026
CodeAstro OCO System 1.0 SQLi via /deleteorder.php ID A vulnerability has been found in CodeAstro Online Catering Ordering System 1.0. This affects an unknown function of the file /deleteorder.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-8132 May 08, 2026
CodeAstro LMS 1.0 SQLi in /login.php via txt_username A weakness has been identified in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /login.php. This manipulation of the argument txt_username causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-8097 May 07, 2026
CodeAstro Online Classroom 1.0 SQLi via squeryx in /askquery.php (remote) A security flaw has been discovered in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /askquery.php. The manipulation of the argument squeryx results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
CVE-2026-36387 May 07, 2026
RCE via File Upload in CODEASTRO Membership Management System v1.0 A Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in /add_members.php. This vulnerability affects the file upload functionality, where improper file sanitization allows attackers to inject malicious files, which leads to RCE.
Membership Management System
CVE-2026-7745 May 04, 2026
SQL Injection in CodeAstro Online Classroom 1.0 (/facultydetails deleteid) A vulnerability was determined in CodeAstro Online Classroom 1.0. This impacts an unknown function of the file /OnlineClassroom/facultydetails. This manipulation of the argument deleteid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2026-7744 May 04, 2026
CodeAstro Online Classroom v1.0 SQLi via /OnlineClassroom/addnewstudent A vulnerability was found in CodeAstro Online Classroom 1.0. This affects an unknown function of the file /OnlineClassroom/addnewstudent. The manipulation of the argument fname results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used.
CVE-2026-7743 May 04, 2026
CodeAstro Online Classroom 1.0 SQLi via deleteid in studentdetails A vulnerability has been found in CodeAstro Online Classroom 1.0. The impacted element is an unknown function of the file /OnlineClassroom/studentdetails. The manipulation of the argument deleteid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-7742 May 04, 2026
SQLi via fid in CodeAstro Online Classroom 1.0 A flaw has been found in CodeAstro Online Classroom 1.0. The affected element is an unknown function of the file /OnlineClassroom/facultylogin. Executing a manipulation of the argument fid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.
CVE-2026-7741 May 04, 2026
CodeAstro Online Classroom 1.0 SQLi via sid (studentlogin) A vulnerability was detected in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/studentlogin. Performing a manipulation of the argument sid results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.
CVE-2026-7196 Apr 27, 2026
CodeAstro Online Classroom 1.0 SQLi in /guestdetails via deleteid A security vulnerability has been detected in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /guestdetails. Such manipulation of the argument deleteid leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
CVE-2026-7148 Apr 27, 2026
CodeAstro Online Classroom 1.0: Remote SQLi via /addnewfaculty (fname) A flaw has been found in CodeAstro Online Classroom 1.0. This affects an unknown part of the file /addnewfaculty. Executing a manipulation of the argument fname can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.
CVE-2026-7071 Apr 27, 2026
CodeAstro Online Job Portal 1.0: FFI via /users/user-cvs/ A security vulnerability has been detected in CodeAstro Online Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /users/user-cvs/. The manipulation leads to file and directory information exposure. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
CVE-2026-7028 Apr 26, 2026
CodeAstro Online Job Portal 1.0 SQLi via ID Remote in delete-jobs.php A security flaw has been discovered in CodeAstro Online Job Portal 1.0. The affected element is an unknown function of the file /admin/jobs-admins/delete-jobs.php of the component All Jobs Page. Performing a manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.
CVE-2026-6201 Apr 13, 2026
Improper Access Control in CodeAstro Online Job Portal 1.0 Delete Job Handler A vulnerability was identified in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /jobs/job-delete.php of the component Delete Job Posting Handler. Such manipulation of the argument ID leads to improper access controls. The attack can be launched remotely. The exploit is publicly available and might be used.
CVE-2026-6033 Apr 10, 2026
CodeAstro Online Classroom 1.0 SQLi via updatedetailsfromstudent.php fname A vulnerability was determined in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /updatedetailsfromstudent.php?eno=146891650. Executing a manipulation of the argument fname can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
CVE-2026-6010 Apr 10, 2026
CodeAstro Online Classroom 1.0 SQLi via takeassessment2.php (Q1) A security flaw has been discovered in CodeAstro Online Classroom 1.0/2.php. Affected by this vulnerability is an unknown functionality of the file /OnlineClassroom/takeassessment2.php?exid=14. Performing a manipulation of the argument Q1 results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.
CVE-2026-5580 Apr 05, 2026
SQLi in Parameter Handler of CodeAstro Online Classroom 1.0 addvideos.php A vulnerability was identified in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/addvideos.php of the component Parameter Handler. The manipulation of the argument videotitle leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
CVE-2026-5579 Apr 05, 2026
CVE-2026-5579: CodeAstro Online Classroom 1.0 SQLi via Parameter Handler A vulnerability was determined in CodeAstro Online Classroom 1.0. This issue affects some unknown processing of the file /OnlineClassroom/updatedetailsfromfaculty.php?myfid=108 of the component Parameter Handler. Executing a manipulation of the argument fname can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
CVE-2026-5578 Apr 05, 2026
CodeAstro Online Classroom 1.0 SQLi via deleteid in addassessment.php A vulnerability was found in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /OnlineClassroom/addassessment.php of the component Parameter Handler. Performing a manipulation of the argument deleteid results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
CVE-2026-3137 Feb 25, 2026
Stack Buffer Overflow in CodeAstro Food Ordering 1.0 via food_ordering.exe A security vulnerability has been detected in CodeAstro Food Ordering System 1.0. This affects an unknown function of the file food_ordering.exe. Such manipulation leads to stack-based buffer overflow. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used.
Food Ordering System
CVE-2025-70150 Feb 18, 2026
CodeAstro Membership System 1.0 delete_members.php: Unauth Delete AuthBreach CodeAstro Membership Management System 1.0 contains a missing authentication vulnerability in delete_members.php that allows unauthenticated attackers to delete arbitrary member records via the id parameter.
Membership Management System
CVE-2025-70149 Feb 18, 2026
SQL Injection in CodeAstro Mgt 1.0 print_membership_card.php ID param CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection in print_membership_card.php via the ID parameter.
Membership Management System
CVE-2025-14900 Dec 19, 2025
CodeAstro Real Estate MS 1.0 SQLi in Admin/UserDelete.php ID param A security vulnerability has been detected in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /admin/userdelete.php of the component Administrator Endpoint. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
Real Estate Management System
CVE-2025-14899 Dec 19, 2025
CodeAstro Real Estate Mgmt 1.0 SQLi via /admin/stateadd.php A weakness has been identified in CodeAstro Real Estate Management System 1.0. This impacts an unknown function of the file /admin/stateadd.php of the component Administrator Endpoint. This manipulation causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.
Real Estate Management System
CVE-2025-14898 Dec 18, 2025
CWE-89: CodeAstro Real Estate 1.0 Admin Endpoint SQLi via userbuilderdelete.php A security flaw has been discovered in CodeAstro Real Estate Management System 1.0. This affects an unknown function of the file /admin/userbuilderdelete.php of the component Administrator Endpoint. The manipulation results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.
Real Estate Management System
CVE-2025-14897 Dec 18, 2025
CodeAstro RES 1.0: Remote SQLi in /admin/useragentdelete.php A vulnerability was identified in CodeAstro Real Estate Management System 1.0. The impacted element is an unknown function of the file /admin/useragentdelete.php of the component Administrator Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used.
Real Estate Management System
CVE-2025-13280 Nov 17, 2025
CodeAstro Simple Inventory Sys 1.0 Login SQLi via Username Remote A vulnerability was determined in CodeAstro Simple Inventory System 1.0. The impacted element is an unknown function of the file /index.php of the component Login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
Simple Inventory System
CVE-2025-13172 Nov 14, 2025
CodeAstro Gym MS 1.0 SQLi in /admin/view-member-report.php (remote) A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/view-member-report.php. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
Gym Management System
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).