CVE-2026-5537: CourseSEL SQL Injection (1.0.0-1.1.0)
Platform
php
Component
course-sel
CVE-2026-5537 is a SQL injection vulnerability in halex CourseSEL versions 1.0.0 through 1.1.0. The flaw is in the `check_sel` function of the HTTP GET Parameter Handler component, in `Apps/Index/Controller/IndexController.class.php`. A remote attacker can inject SQL through the `seid` parameter, potentially compromising the database. The vendor has not responded to early disclosure attempts.
How to fix
No official patch is available. Check for workarounds or monitor for updates.
Frequently asked questions
What is CVE-2026-5537?
CVE-2026-5537 is a SQL Injection vulnerability affecting halex CourseSEL versions 1.0.0 to 1.1.0. It allows attackers to inject malicious SQL code through the `seid` parameter in the `check_sel` function, potentially leading to data breaches.
Am I affected by CVE-2026-5537?
You are potentially affected if you are using halex CourseSEL version 1.0.0 or 1.1.0. The vulnerability is triggered by manipulating the `seid` parameter in HTTP GET requests.
How do I fix CVE-2026-5537?
No official patch is currently available from the vendor. Mitigation strategies include input validation and sanitization of the `seid` parameter, as well as restricting database access privileges.
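The input-validation mitigation above, sketched as an added example (not CourseSEL's own code): the `seid` value is accepted only if it is a positive integer and is then bound as a typed parameter instead of being concatenated into the query. It assumes `seid` is a numeric ID, which the advisory does not state; the `selection` table, its columns, and the `validate_seid` and `check_sel_safe` names are hypothetical.

```php
<?php
declare(strict_types=1);

// Assumption: `seid` is a numeric selection ID (not stated in the advisory).
// Returns the validated integer, or null when the input must be rejected.
function validate_seid($raw): ?int
{
    if (!is_string($raw)) {
        return null; // arrays such as ?seid[]=1 never reach the query
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Hypothetical hardened lookup: validate first, then bind as an integer.
function check_sel_safe(PDO $db, $rawSeid): ?array
{
    $seid = validate_seid($rawSeid);
    if ($seid === null) {
        return null; // caller should answer with HTTP 400 and log the request
    }
    // Hypothetical table and column names.
    $stmt = $db->prepare('SELECT id, name FROM selection WHERE id = :seid');
    $stmt->bindValue(':seid', $seid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE selection (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO selection (id, name) VALUES (1, 'Algebra'), (2, 'Physics')");

// Constructed inputs: one valid ID, then values the validator must refuse.
foreach (['2', '2 OR 1=1', "1' --", ['1'], '-3'] as $input) {
    $row = check_sel_safe($db, $input);
    printf("%-12s => %s\n", json_encode($input), $row ? $row['name'] : 'rejected');
}
```

Only the first input returns a row; the rest are rejected before any SQL is prepared. Pair this with a database account limited to the statements the application needs, as the answer above recommends.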