UNKNOWN CVE-2026-5649

CVE-2026-5649: SQL Injection in Online Application System 1.0

Platform: php

Component: code-projects-online-application-system-for-admission

CVE-2026-5649 is a SQL injection vulnerability in the Online Application System for Admission, specifically in the /enrollment/admsnform.php endpoint. Successful exploitation allows attackers to inject malicious SQL code, potentially compromising the application's database and sensitive data. The vulnerability affects versions 1.0.0 through 1.0 of the software, and the exploit is publicly disclosed, which increases the risk of active exploitation. No official patch is currently available.

How to fix

Update the module to the latest available version or apply security patches to mitigate the SQL injection vulnerability. Review and sanitize user input in the /enrollment/admsnform.php file to prevent the execution of malicious SQL queries. Implement data validation and escaping to protect against future SQL injections.

Frequently asked questions

What is CVE-2026-5649?

CVE-2026-5649 is a SQL Injection vulnerability affecting the Online Application System for Admission. It allows attackers to inject malicious SQL code into the /enrollment/admsnform.php endpoint, potentially compromising the database.

Am I affected by CVE-2026-5649?

You are potentially affected if you are using Online Application System for Admission version 1.0.0 through 1.0 and have not applied a patch. The vulnerability is remotely exploitable and the exploit is publicly known.

How can I fix or mitigate CVE-2026-5649?

Currently, no official patch is available. Mitigation strategies include input validation, parameterized queries, and restricting database access privileges. Regularly monitor the application for suspicious activity.
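
The input validation and parameterized query mitigations named above, shown as an added example beside the concatenation pattern they replace. This is not code from the Online Application System for Admission: the advisory names no parameter or table, so the `applicants` table, the `email` field and both function names are hypothetical, and an in-memory SQLite database stands in for the application's database so the script runs offline.

```php
<?php
// Added example, not the project's code. Table, column and function names
// are hypothetical; in-memory SQLite stands in for the application's database.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE applicants (id INTEGER PRIMARY KEY, email TEXT, full_name TEXT)');
$pdo->exec("INSERT INTO applicants (email, full_name) VALUES
    ('a@example.test', 'Constructed Applicant A'),
    ('b@example.test', 'Constructed Applicant B')");

// Pattern that produces SQL injection: request data concatenated into the
// statement, so a quote in the value ends the string literal early.
function findApplicantUnsafe(PDO $pdo, string $email): array
{
    $sql = "SELECT id, full_name FROM applicants WHERE email = '" . $email . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: validate the field first, then bind it as a parameter so
// the driver always treats it as data, never as SQL text.
function findApplicantSafe(PDO $pdo, string $email): array
{
    if (strlen($email) > 254 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('email failed validation');
    }
    $stmt = $pdo->prepare('SELECT id, full_name FROM applicants WHERE email = :email');
    $stmt->execute([':email' => $email]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed form value containing a quote and a boolean clause.
$hostile = "nobody@example.test' OR '1'='1";

echo 'concatenated query rows: ', count(findApplicantUnsafe($pdo, $hostile)), PHP_EOL;

try {
    findApplicantSafe($pdo, $hostile);
} catch (InvalidArgumentException $e) {
    echo 'validated query: rejected (', $e->getMessage(), ')', PHP_EOL;
}

// Binding on its own, without validation, still keeps the value as data.
$stmt = $pdo->prepare('SELECT COUNT(*) FROM applicants WHERE email = ?');
$stmt->execute([$hostile]);
echo 'bound query rows: ', $stmt->fetchColumn(), PHP_EOL;

echo 'legitimate lookup rows: ', count(findApplicantSafe($pdo, 'a@example.test')), PHP_EOL;
```

The third mitigation, restricting database access privileges, is configured on the database account the application connects with and limits what any remaining injectable query can reach.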
