Codeastro


Products by Codeastro Sorted by Most Security Vulnerabilities since 2018

Codeastro Car Rental System: 2 vulnerabilities

By the Year

In 2026 there have been 6 vulnerabilities in Codeastro with an average score of 6.8 out of ten. Last year, in 2025, Codeastro had 48 security vulnerabilities published. Right now, Codeastro is on track to have fewer security vulnerabilities in 2026 than it did last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.03.




Year Vulnerabilities Average Score
2026 6 6.80
2025 48 6.77
2024 45 7.24
2023 7 6.91
2022 2 6.05

It may take a day or so for new Codeastro vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Codeastro Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-5580 Apr 05, 2026
SQLi in Parameter Handler of CodeAstro Online Classroom 1.0 addvideos.php A vulnerability was identified in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/addvideos.php of the component Parameter Handler. The manipulation of the argument videotitle leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
CVE-2026-5579 Apr 05, 2026
CVE-2026-5579: CodeAstro Online Classroom 1.0 SQLi via Parameter Handler A vulnerability was determined in CodeAstro Online Classroom 1.0. This issue affects some unknown processing of the file /OnlineClassroom/updatedetailsfromfaculty.php?myfid=108 of the component Parameter Handler. Executing a manipulation of the argument fname can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
CVE-2026-5578 Apr 05, 2026
CodeAstro Online Classroom 1.0 SQLi via deleteid in addassessment.php A vulnerability was found in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /OnlineClassroom/addassessment.php of the component Parameter Handler. Performing a manipulation of the argument deleteid results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
CVE-2026-3137 Feb 25, 2026
Stack Buffer Overflow in CodeAstro Food Ordering 1.0 via food_ordering.exe A security vulnerability has been detected in CodeAstro Food Ordering System 1.0. This affects an unknown function of the file food_ordering.exe. Such manipulation leads to stack-based buffer overflow. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used.
Food Ordering System
CVE-2025-70150 Feb 18, 2026
CodeAstro Membership System 1.0 delete_members.php: Unauth Delete AuthBreach CodeAstro Membership Management System 1.0 contains a missing authentication vulnerability in delete_members.php that allows unauthenticated attackers to delete arbitrary member records via the id parameter.
Membership Management System
CVE-2025-70149 Feb 18, 2026
SQL Injection in CodeAstro Mgt 1.0 print_membership_card.php ID param CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection in print_membership_card.php via the ID parameter.
Membership Management System
CVE-2025-14900 Dec 19, 2025
CodeAstro Real Estate MS 1.0 SQLi in Admin/UserDelete.php ID param A security vulnerability has been detected in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /admin/userdelete.php of the component Administrator Endpoint. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
Real Estate Management System
CVE-2025-14899 Dec 19, 2025
CodeAstro Real Estate Mgmt 1.0 SQLi via /admin/stateadd.php A weakness has been identified in CodeAstro Real Estate Management System 1.0. This impacts an unknown function of the file /admin/stateadd.php of the component Administrator Endpoint. This manipulation causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.
Real Estate Management System
CVE-2025-14898 Dec 18, 2025
CWE-89: CodeAstro Real Estate 1.0 Admin Endpoint SQLi via userbuilderdelete.php A security flaw has been discovered in CodeAstro Real Estate Management System 1.0. This affects an unknown function of the file /admin/userbuilderdelete.php of the component Administrator Endpoint. The manipulation results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.
Real Estate Management System
CVE-2025-14897 Dec 18, 2025
CodeAstro RES 1.0: Remote SQLi in /admin/useragentdelete.php A vulnerability was identified in CodeAstro Real Estate Management System 1.0. The impacted element is an unknown function of the file /admin/useragentdelete.php of the component Administrator Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used.
Real Estate Management System
CVE-2025-13280 Nov 17, 2025
CodeAstro Simple Inventory Sys 1.0 Login SQLi via Username Remote A vulnerability was determined in CodeAstro Simple Inventory System 1.0. The impacted element is an unknown function of the file /index.php of the component Login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
Simple Inventory System
CVE-2025-13172 Nov 14, 2025
CodeAstro Gym MS 1.0 SQLi in /admin/view-member-report.php (remote) A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/view-member-report.php. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
Gym Management System
CVE-2025-12610 Nov 03, 2025
SQLi in CodeAstro Gym Management System 1.0 /admin/view-progress-report.php A vulnerability was determined in CodeAstro Gym Management System 1.0. This affects an unknown part of the file /admin/view-progress-report.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
Gym Management System
CVE-2025-12609 Nov 03, 2025
CodeAstro Gym Management 1.0 SQL Injection via /admin/update-progress.php A vulnerability was found in CodeAstro Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/update-progress.php. Performing a manipulation of the argument id/ini_weight results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used.
Gym Management System
CVE-2025-12261 Oct 27, 2025
SQL Injection in CodeAstro GymMgmt 1.0 remove-announcement.php A vulnerability was found in CodeAstro Gym Management System 1.0. This affects an unknown function of the file /admin/actions/remove-announcement.php. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used.
Gym Management System
CVE-2025-12242 Oct 27, 2025
SQLi in CodeAstro Gym Mgmt Sys 1.0 via /admin/actions/check-attendance.php (CVE-2025-12242) A vulnerability has been found in CodeAstro Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/actions/check-attendance.php. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Gym Management System
CVE-2025-11593 Oct 11, 2025
SQLi in CodeAstro Gym Management 1.0 delete-equipment.php (remote) A flaw has been found in CodeAstro Gym Management System 1.0. This vulnerability affects unknown code of the file /admin/actions/delete-equipment.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.
Gym Management System
CVE-2025-11592 Oct 11, 2025
CodeAstro Gym Manager 1.0 Remote SQLi in /admin/edit-equipmentform.php A vulnerability was detected in CodeAstro Gym Management System 1.0. This affects an unknown part of the file /admin/edit-equipmentform.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit is now public and may be used.
Gym Management System
CVE-2025-11591 Oct 11, 2025
Remote SQLi via ID in CodeAstro Gym Mgt Sys 1.0 delete-member.php A security vulnerability has been detected in CodeAstro Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/actions/delete-member.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
Gym Management System
CVE-2025-11590 Oct 11, 2025
SQL Injection in CodeAstro Gym Management System 1.0 admin/equipment-entry.php A weakness has been identified in CodeAstro Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/equipment-entry.php. Executing a manipulation of the argument ename can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
Gym Management System
CVE-2025-11589 Oct 10, 2025
CodeAstro 1.0 - /admin/user-payment.php SQLI via plan param A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/user-payment.php. Performing a manipulation of the argument plan results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
Gym Management System
CVE-2025-11588 Oct 10, 2025
SQLI in CodeAstro Gym Mgt Sys 1.0 via fullname in /customer/index.php A vulnerability was identified in CodeAstro Gym Management System 1.0. This impacts an unknown function of the file /customer/index.php. Such manipulation of the argument fullname leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.
Gym Management System
CVE-2025-11118 Sep 28, 2025
SQLi in /adminLogin.php of CodeAstro Student Grading Sys 1.0 (CVE-2025-11118) A vulnerability was identified in CodeAstro Student Grading System 1.0. This issue affects some unknown processing of the file /adminLogin.php. Such manipulation of the argument staffId leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.
Student Grading System
CVE-2025-11114 Sep 28, 2025
SQL injection in CodeAstro Online Leave App 1.0 via absence[] A flaw has been found in CodeAstro Online Leave Application 1.0. Affected by this vulnerability is an unknown functionality of the file /leaveAplicationForm.php. Executing manipulation of the argument absence[] can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.
CVE-2025-11113 Sep 28, 2025
CodeAstro OLA 1.0 SQLi via /signup.php city param A vulnerability was detected in CodeAstro Online Leave Application 1.0. Affected is an unknown function of the file /signup.php. Performing manipulation of the argument city results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. Other parameters might be affected as well.
CVE-2025-11104 Sep 28, 2025
SQLI in CodeAstro Electricity Billing System 1.0 /admin/bill.php (uid) A vulnerability was detected in CodeAstro Electricity Billing System 1.0. Affected by this issue is some unknown functionality of the file /admin/bill.php. The manipulation of the argument uid results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.
CVE-2025-10780 Sep 22, 2025
SQLi in CodeAstro Simple Pharmacy Mgmt 1.0 via /view.php bar_code A vulnerability was determined in CodeAstro Simple Pharmacy Management 1.0. This affects an unknown function of the file /view.php. This manipulation of the argument bar_code causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
CVE-2025-7153 Jul 08, 2025
CVE-2025-7153: CodeAstro Simple Hospital 1.0 XSS via /doctor.html A vulnerability classified as problematic was found in CodeAstro Simple Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /doctor.html of the component POST Parameter Handler. The manipulation of the argument First Name/Last name/Address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Simple Hospital Management System
CVE-2025-7148 Jul 07, 2025
CodeAstro SHMS 1.0 XSS via POST Parameter Handler A vulnerability was found in CodeAstro Simple Hospital Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /patient.html of the component POST Parameter Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Multiple parameters might be affected.
Simple Hospital Management System
CVE-2025-7147 Jul 07, 2025
CodeAstro PRMS 1.0 remote SQLi in /login.php via uname A vulnerability has been found in CodeAstro Patient Record Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument uname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Patient Record Management System
CVE-2025-7133 Jul 07, 2025
XSRF in CodeAstro Online Movie Ticket Booking System 1.0 A vulnerability classified as problematic has been found in CodeAstro Online Movie Ticket Booking System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Online Movie Ticket Booking System
CVE-2025-6664 Jun 25, 2025
CVE-2025-6664 XSRF in CodeAstro PRM 1.0 via unknown func A vulnerability, which was classified as problematic, was found in CodeAstro Patient Record Management System 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Patient Record Management System
CVE-2025-6478 Jun 22, 2025
CVE-2025-6478: CodeAstro Expense Sys 1.0 CSRF in Unknown Component A vulnerability was found in CodeAstro Expense Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely.
Expense Management System
CVE-2025-6452 Jun 22, 2025
CodeAstro PRMS 1.0 XSS in Generate New Report Page A vulnerability was found in CodeAstro Patient Record Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the component Generate New Report Page. The manipulation of the argument Patient Name/Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Patient Record Management System
CVE-2025-6131 Jun 16, 2025
CodeAstro Food Ordering System 1.0 XSS via POST Request Parameter Handler A vulnerability, which was classified as problematic, was found in CodeAstro Food Ordering System 1.0. Affected is an unknown function of the file /admin/store/edit/ of the component POST Request Parameter Handler. The manipulation of the argument Restaurant Name/Address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Food Ordering System
CVE-2025-5610 Jun 04, 2025
CodeAstro Real Estate Management System 1.0 SQLi via /submitpropertydelete.php A vulnerability, which was classified as critical, has been found in CodeAstro Real Estate Management System 1.0. Affected by this issue is some unknown functionality of the file /submitpropertydelete.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Real Estate Management System
CVE-2025-5611 Jun 04, 2025
CodeAstro RE System 1.0: SQLi via ID in submitpropertyupdate.php A vulnerability, which was classified as critical, was found in CodeAstro Real Estate Management System 1.0. This affects an unknown part of the file /submitpropertyupdate.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Real Estate Management System
CVE-2025-5583 Jun 04, 2025
CodeAstro Real Estate Sys 1.0 – Remote SQLi via /register.php A vulnerability classified as critical has been found in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /register.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Real Estate Management System
CVE-2025-5581 Jun 04, 2025
CodeAstro Real Estate Mgmt Sys 1.0 SQLi via User param in /admin/index.php A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument User leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Real Estate Management System
CVE-2025-5582 Jun 04, 2025
CodeAstro Real Estate Mgmt Sys 1.0 SQLi via /profile.php content arg A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /profile.php. The manipulation of the argument content leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Real Estate Management System
CVE-2025-5580 Jun 04, 2025
CodeAstro Real Estate Mgmt Sys 1.0: SQLi via /login.php Email A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been classified as critical. This affects an unknown part of the file /login.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Real Estate Management System
CVE-2025-4811 May 16, 2025
CVE-2025-4811: CodeAstro PMS 1.0 PHP Login SQLi via Username A vulnerability was found in CodeAstro Pharmacy Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Pharmacy Management System
CVE-2025-25776 Apr 28, 2025
XSS in Codeastro Bus Ticket Booking System v1.0 User Regis/Profile (FN & Addr) A Cross-Site Scripting (XSS) vulnerability in the User Registration and User Profile features of Codeastro Bus Ticket Booking System v1.0 allows an attacker to execute arbitrary code via the Full Name and Address fields during user registration or profile editing.
Bus Ticket Booking System
CVE-2025-3998 Apr 28, 2025
CodeAstro MgtSys 1.0: Remote SQLi via renew.php id A vulnerability classified as critical was found in CodeAstro Membership Management System 1.0. This vulnerability affects unknown code of the file renew.php?id=6. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Membership Management System
CVE-2025-25775 Apr 25, 2025
SQLi in Codeastro Bus Ticket Booking Sys v1.0 via kodetiket param Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder.
Bus Ticket Booking System
CVE-2025-25777 Apr 24, 2025
Codeastro Bus Ticket Booking Sys v1.0 IDOR: Unauthorized User Profile Access Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user's profile without proper authentication or authorization checks.
Bus Ticket Booking System
CVE-2025-29015 Apr 17, 2025
Astro Internet Banking System 2.0.0 XSS via /admin/pages_account.php name param Code Astro Internet Banking System 2.0.0 is vulnerable to Cross Site Scripting (XSS) via the name parameter in /admin/pages_account.php.
Internet Banking System
CVE-2025-29017 Apr 10, 2025
Code Astro Internet Banking System 2.0.0 RCE via profile_pic Upload A Remote Code Execution (RCE) vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profile_pic parameter within pages_view_client.php.
Internet Banking System
CVE-2025-29018 Apr 09, 2025
Code Astro Internet Banking System 2.0.0 – Stored XSS in name parameter A Stored Cross-Site Scripting (XSS) vulnerability exists in the name parameter of pages_add_acc_type.php in Code Astro Internet Banking System 2.0.0.
Internet Banking System
CVE-2025-3205 Apr 04, 2025
SQLi in studentsubject.php of CodeAstro Grading System 1.0 A vulnerability, which was classified as critical, was found in CodeAstro Student Grading System 1.0. This affects an unknown part of the file studentsubject.php. The manipulation of the argument studentId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Student Grading System
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).