CVE-2026-5033 describes a SQL Injection vulnerability discovered in code-projects Accounting System version 1.0. This flaw allows attackers to inject malicious SQL code through the manipulation of the cosid parameter within the /viewcostumer.php file, potentially leading to unauthorized data access or modification. The vulnerability is remotely exploitable and a public exploit is now available, increasing the risk of immediate exploitation.
Successful exploitation of CVE-2026-5033 could allow an attacker to read data the /viewcostumer.php page was never meant to return, including customer records, transaction history and financial reports held in the Accounting System database, and to reach rows that the application's own authorization checks would otherwise hide. Depending on the privileges of the database account the application uses, an attacker might also be able to modify or delete data, leading to integrity problems and potential financial loss. The public availability of an exploit raises the likelihood of opportunistic attacks against any deployment that still runs the vulnerable version.
CVE-2026-5033 was disclosed on 2026-03-29 and a public exploit is available, so it can be reproduced with little effort. The vulnerability is not listed in the CISA KEV catalog, and its EPSS estimate is currently low (0.03%, 8th percentile), but the combination of a trivial injection point, a ready-made exploit and sensitive financial data makes it a significant risk for exposed deployments.
Exploit status: public exploit available
EPSS: 0.03% (8th percentile)
CISA SSVC / KEV: not listed
CVSS vector: not provided on this page
The primary mitigation for CVE-2026-5033 is to upgrade to a patched version of the Accounting System. No fixed version has been published, so immediate compensating controls are required. As a temporary workaround, add a Web Application Firewall (WAF) rule that rejects requests to /viewcostumer.php whose cosid parameter is anything other than a plain positive integer; a denylist of SQL keywords is easier to bypass than an allow-list. Apply the same allow-list validation to the cosid parameter inside the application, and pass the value to the database through a prepared statement rather than concatenating it into the query text, since validation alone is not a substitute for parameterization. Review the database account the application uses and restrict it to the tables and operations the application actually needs, so that a successful injection cannot read or alter unrelated data. After implementing mitigations, verify them by replaying a benign read-only probe (for example a boolean tautology in cosid) and confirming that it is rejected rather than returning extra rows.
Update the Accounting System to a patched version that resolves the SQL injection in /viewcostumer.php. If no patched version is available, disable or remove the affected page until a fix can be applied.
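The following is an added example, not code from the code-projects Accounting System or from the advisory; the project's actual PHP source has not been reviewed here. It models the vulnerable pattern (a request parameter concatenated into the SQL text) beside the hardened form (allow-list validation plus a parameterized query), and includes the kind of read-only probe suggested above for verifying a mitigation. The table layout, column names and sample rows are constructed assumptions; the real schema is not shown on this page.

```python
import re
import sqlite3

def build_sample_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for the customer table (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (cos_id INTEGER PRIMARY KEY, name TEXT, balance REAL)"
    )
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?, ?)",
        [(1, "Acme Ltd", 1200.50), (2, "Globex Corp", 87.00), (3, "Initech", 4500.00)],
    )
    return conn

def view_customer_vulnerable(conn: sqlite3.Connection, cosid: str) -> list:
    """Model of the flaw: the raw cosid value is spliced into the query text,
    so any SQL syntax in the parameter becomes part of the statement."""
    sql = f"SELECT cos_id, name, balance FROM customers WHERE cos_id = {cosid}"
    return conn.execute(sql).fetchall()

# Allow-list: a customer id is a positive integer with no leading zero and
# at most ten digits. The same pattern can back a WAF rule on the parameter.
COSID_RE = re.compile(r"[1-9][0-9]{0,9}")

def validate_cosid(raw: str) -> int:
    """Reject anything that is not a plain positive integer."""
    if not COSID_RE.fullmatch(raw):
        raise ValueError(f"rejected cosid: {raw!r}")
    return int(raw)

def view_customer_hardened(conn: sqlite3.Connection, cosid: str) -> list:
    """Hardened form: validate first, then bind the value as a parameter so the
    database never sees it as SQL text."""
    cos_id = validate_cosid(cosid)
    return conn.execute(
        "SELECT cos_id, name, balance FROM customers WHERE cos_id = ?", (cos_id,)
    ).fetchall()

def probe(handler, conn: sqlite3.Connection, payload: str = "1 OR 1=1") -> str:
    """Read-only regression probe: a boolean tautology that, against the
    vulnerable handler, widens a single-row lookup to the whole table.
    Returns 'rejected' if validation blocks it, 'leaks' if extra rows come
    back, and 'ok' if at most one row is returned."""
    try:
        rows = handler(conn, payload)
    except ValueError:
        return "rejected"
    return "leaks" if len(rows) > 1 else "ok"

if __name__ == "__main__":
    db = build_sample_db()
    print("legit lookup:", view_customer_hardened(db, "2"))
    print("vulnerable handler:", probe(view_customer_vulnerable, db))
    print("hardened handler:", probe(view_customer_hardened, db))
```

Running the probe against both handlers shows the difference a practitioner is checking for: the vulnerable lookup returns every customer row for the tautology payload, while the hardened lookup refuses the value before it reaches the database. The regex is deliberately an allow-list rather than a list of SQL keywords, because keyword denylists are routinely bypassed with comments, encoding and alternative syntax.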
CVE-2026-5033 is a SQL Injection vulnerability in code-projects Accounting System version 1.0, allowing attackers to inject malicious SQL code through the cosid parameter in /viewcostumer.php, potentially compromising data.
If you are using code-projects Accounting System version 1.0, you are potentially affected by this vulnerability. Immediate action is required to mitigate the risk.
Upgrading to a patched version of the Accounting System is the recommended fix. As no fixed version has been published, implement WAF rules, allow-list validation of the cosid parameter and parameterized queries as temporary mitigations.
Yes, a public exploit is available. The current EPSS estimate is low (0.03%), but a working exploit against an unpatched application handling financial data means organizations should prioritize remediation rather than wait for evidence of in-the-wild attacks.
No official vendor advisory is linked on this page; consult the code-projects website for any update addressing CVE-2026-5033.