CVE 9.8 CRITICAL

CVE-2026-37749_CVE-2026-37749

April 17, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

A SQL injection vulnerability in CodeAstro Simple Attendance Management System v1.0 allows remote unauthenticated attackers to bypass authentication via the username parameter in index.php.

AI Analysis

SQL injection vulnerability allowing remote unauthenticated attackers to bypass authentication

Basic Information

ID CVE-2026-37749

Source mitre

Published Apr 17, 2026 at 00:00

Modified Apr 17, 2026 at 15:23

Affected Product

Vendor CodeAstro

Product Simple Attendance Management System

Version v1.0

Affected Versions n/a n/a n/a

CWE Classification

CWE-89

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor CodeAstro

Product Simple Attendance Management System

Version v1.0

References

{
    "lastseen": "",
    "description": "A SQL injection vulnerability in CodeAstro Simple Attendance Management System v1.0 allows remote unauthenticated attackers to bypass authentication via the username parameter in index.php.",
    "published": "2026-04-17T00:00:00.000Z",
    "modified": "2026-04-17T15:23:39.696Z",
    "type": "cve",
    "title": "CVE-2026-37749",
    "source": "mitre",
    "references": "https://codeastro.com/simple-attendance-management-system-in-php-with-source-code/\nhttps://github.com/menevarad007/CVE-2026-37749",
    "id": "CVE-2026-37749",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Simple Attendance Management System",
    "version": "v1.0",
    "vendor": "CodeAstro",
    "ai_description": "SQL injection vulnerability allowing remote unauthenticated attackers to bypass authentication",
    "ai_severity": "Critical",
    "ai_vendor": "CodeAstro",
    "ai_product": "Simple Attendance Management System",
    "ai_version": "v1.0",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply