Critical SQL Injection Vulnerability in CodeAstro Attendance System (CVE-2026-37749)

Critical SQL Injection Vulnerability in CodeAstro Attendance System (CVE-2026-37749)

First seen 17 Apr 2026, 20:08 UTC Feedlycve.akaoma.comgithub.cominfosec.exchangeexploit-intel.com 93% similarity 78.0

Article Content

Browse articles
ThreatCluster

A critical SQL injection vulnerability, identified as CVE-2026-37749, has been discovered in CodeAstro Simple Attendance Management System v1.0. This flaw allows remote unauthenticated attackers to bypass authentication through the username parameter in index.php, potentially granting unauthorized access to sensitive attendance records. The vulnerability can be exploited over the network without user interaction, making it particularly dangerous. A proof-of-concept exploit has been released, and a CVSS score of 9.8 indicates its critical nature. Immediate patching is recommended, and if patches cannot be applied, restricting network access to trusted sources is advised. The vulnerability was published on April 17, 2026, and has no confirmed exploitation reports as of now. Security professionals are urged to implement input validation and monitor database logs for suspicious activities.

Key Points: • CVE-2026-37749 is a critical SQL injection vulnerability in CodeAstro Simple Attendance Management System. • Remote unauthenticated attackers can exploit this flaw to access sensitive data without valid credentials. • Immediate patching is recommended, with a CVSS score of 9.8 highlighting its severity.

ThreatCluster AI

Timeline

2026-04-17
CVE-2026-37749 published
2026-04-17
First public PoC released

Community

Browse all →