UNKNOWN | CVE-2026-5553

CVE-2026-5553: SQL Injection in itsourcecode Cellphone System 1.0

Platform: php

Component: itsourcecode-online-cellphone-system

CVE-2026-5553 is a SQL injection vulnerability in the itsourcecode Online Cellphone System, located in the /cp/available.php file of the Parameter Handler component. Successful exploitation allows an attacker to inject malicious SQL code, potentially leading to unauthorized data access or modification. The vulnerability affects versions 1.0.0 through 1.0 of the software; a fix is pending, and the exploit is publicly available.

How to fix

Update the system to a fixed version that resolves the SQL injection vulnerability in the /cp/available.php file. Review and sanitize the 'Name' input to prevent the execution of malicious SQL code. Implement data validation and escaping for all user input.

Frequently asked questions

What is CVE-2026-5553?

CVE-2026-5553 is a SQL Injection vulnerability in the itsourcecode Online Cellphone System. It allows attackers to inject malicious SQL code through the Name argument in the /cp/available.php file, potentially compromising the database.

Am I affected by CVE-2026-5553?

You are potentially affected if you are using itsourcecode Online Cellphone System version 1.0.0 through 1.0. The vulnerability is remotely exploitable and the exploit is publicly available, increasing the risk.

How can I fix or mitigate CVE-2026-5553?

Currently, no official patch is available for CVE-2026-5553. Mitigation strategies include restricting access to the /cp/available.php file, implementing robust input validation and sanitization, and using parameterized queries to prevent SQL injection.
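
The parameterized-query and input-validation mitigations named above, as an added example that is not code from the project: the source of /cp/available.php is not shown on this page, so the `phones` table, its columns and both function names are hypothetical. It uses an in-memory SQLite database through PDO so it runs offline; the application's real database driver is an assumption left open.

```php
<?php
declare(strict_types=1);

// Constructed sample data; table and column names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE phones (id INTEGER PRIMARY KEY, name TEXT, available INTEGER)');
$pdo->exec("INSERT INTO phones (name, available) VALUES ('Model A', 1), ('Model B', 0)");

// Pattern behind this class of bug: the Name value becomes part of the SQL text,
// so any quote character in it changes the structure of the statement.
function availableUnsafe(PDO $pdo, string $name): array
{
    $sql = "SELECT id, name FROM phones WHERE available = 1 AND name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: validate length and reject control characters, then bind the
// value as a parameter so it is only ever treated as data.
function availableSafe(PDO $pdo, string $name): array
{
    $name = trim($name);
    if ($name === '' || strlen($name) > 64 || preg_match('/[\x00-\x1F\x7F]/', $name)) {
        throw new InvalidArgumentException('invalid Name');
    }
    $stmt = $pdo->prepare('SELECT id, name FROM phones WHERE available = 1 AND name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal value, a value containing an apostrophe,
// and an over-long value.
$inputs = ['Model A', "O'Brien Phone", str_repeat('A', 200)];
foreach ($inputs as $name) {
    foreach (['availableUnsafe', 'availableSafe'] as $fn) {
        try {
            $rows = $fn($pdo, $name);
            printf("%-16s %-20s rows=%d\n", $fn, substr($name, 0, 20), count($rows));
        } catch (Throwable $e) {
            // In a real handler, log the detail server-side and return a generic error.
            printf("%-16s %-20s %s\n", $fn, substr($name, 0, 20), get_class($e));
        }
    }
}
```

The apostrophe input makes the concatenated query fail to parse, which shows the value reaching the SQL parser as syntax, while the bound version treats the same value as a plain string and simply finds no match.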
