CVE-2026-5534: SQL Injection in Online Enrollment System 1.0
Platform: php
Component: online-enrollment-system
CVE-2026-5534 is a SQL injection vulnerability in the itsourcecode Online Enrollment System, specifically in the Parameter Handler component. Successful exploitation lets an attacker inject malicious SQL code, potentially compromising the integrity and confidentiality of the database. The vulnerability affects versions 1.0.0 through 1.0 of the system. A fix is currently unavailable.
How to fix
Update the Online Enrollment System to a fixed version. Validate and sanitize user input in the index.php file to prevent SQL injection. Use parameterized queries or stored procedures to interact with the database safely.
Frequently asked questions
What is CVE-2026-5534?
CVE-2026-5534 is a SQL Injection vulnerability in the itsourcecode Online Enrollment System. It allows attackers to inject malicious SQL code through the USERID parameter in /sms/user/index.php?view=edit&id=10, potentially accessing or modifying sensitive data.
Am I affected?
You are potentially affected if you are using itsourcecode Online Enrollment System version 1.0.0 through 1.0 and have not applied a patch. The vulnerability is remotely exploitable and a public exploit exists.
How do I fix it?
No official patch is currently available for CVE-2026-5534. Mitigation strategies may include input validation and sanitization, restricting database access, and implementing a Web Application Firewall (WAF).
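The input validation and parameterized query mitigations named above, shown side by side with the concatenation pattern they replace. This is an added example, not code from the Online Enrollment System: the table `useraccounts`, its columns, the function names and the sample values are assumptions, and it uses an in-memory SQLite database through PDO (requires the pdo_sqlite extension) so it runs offline.

```php
<?php
// Added example: table/column names and helper names are assumptions,
// not taken from the Online Enrollment System source.
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE useraccounts (USERID INTEGER PRIMARY KEY, ACCOUNT_NAME TEXT)');
$pdo->exec("INSERT INTO useraccounts VALUES (10, 'registrar'), (11, 'admin')");

// Weak pattern: the request value is concatenated into the SQL text,
// so the database parses whatever the client sent as part of the query.
function findUserUnsafe(PDO $pdo, string $id): array
{
    return $pdo->query('SELECT * FROM useraccounts WHERE USERID = ' . $id)
               ->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: validate the id as a positive integer, then bind it
// as a typed parameter so it can never change the query structure.
function findUserSafe(PDO $pdo, string $id): array
{
    $userId = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($userId === false) {
        return []; // reject anything that is not a plain integer
    }
    $stmt = $pdo->prepare('SELECT * FROM useraccounts WHERE USERID = :id');
    $stmt->bindValue(':id', $userId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed values for the id parameter: one well-formed, one malformed.
$inputs = ['10', '10 OR 1=1'];
foreach ($inputs as $id) {
    printf(
        "%-12s unsafe=%d row(s), safe=%d row(s)\n",
        "'$id'",
        count(findUserUnsafe($pdo, $id)),
        count(findUserSafe($pdo, $id))
    );
}
```

Comparing the row counts for the malformed value shows why validation plus binding is the control to apply at every place the id reaches a query.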