Platform
php
Fixed in
1.0.1
CVE-2026-5035 describes a SQL Injection vulnerability within the Parameter Handler component of code-projects Accounting System version 1.0. This flaw allows remote attackers to inject malicious SQL code by manipulating the 'enid' parameter in the '/viewwork.php' file. Successful exploitation could lead to unauthorized data access or modification. Version 1.0 is known to be affected. No official patch is currently available to address this vulnerability.
A SQL injection vulnerability has been identified in code-projects Accounting System version 1.0. It resides in the /viewwork.php file of the 'Parameter Handler' component, specifically in the handling of the enid argument. A remote attacker can exploit it by manipulating this argument to execute malicious SQL queries against the database. Public disclosure of the exploit significantly raises the risk of exploitation, since attackers can draw on the available information to compromise vulnerable systems. The absence of a fix further exacerbates the situation and calls for immediate mitigation. Potential impact includes data breaches, modification of accounting records, and system compromise.
The vulnerability in code-projects Accounting System 1.0 is exploited through manipulation of the enid parameter within the /viewwork.php file. Because it is remotely exploitable, an attacker needs no physical access to the system, and the public exploit disclosure gives attackers detailed information on how to exploit it. The 'Parameter Handler' component is responsible for processing input parameters, and its inadequate validation of enid allows SQL code to be injected. This is particularly dangerous because it can let attackers read, modify, or delete sensitive database data, compromising the integrity and confidentiality of the accounting system.
Exploit Status
EPSS
0.03% (8th percentile)
CISA SSVC
CVSS Vector
Given the lack of an official fix for CVE-2026-5035, organizations utilizing code-projects Accounting System version 1.0 should implement immediate mitigation measures. These include network segmentation to limit database access, the deployment of web application firewalls (WAFs) to filter malicious traffic, and a thorough review of the source code to identify and remediate the vulnerability. Regular security audits and adherence to the principle of least privilege are strongly recommended. Proactive monitoring of system logs for suspicious activity is also crucial. Consider upgrading to a more secure version of the system, if available, as the most effective long-term solution.
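The log monitoring recommended above can be made concrete. The following is an added example, not code from the advisory or from the Accounting System project: a small access-log scanner that flags requests to /viewwork.php whose enid parameter is not a plain positive integer, which is the only shape a legitimate record id should take. The log lines are constructed for this demo in the common log format; in practice the scanner would read the web server's real access log.

```php
<?php
// Added example (not from the advisory or the project): scan an access log
// for requests to /viewwork.php whose enid value is not a positive integer.
// The log text below is constructed for this demo.
declare(strict_types=1);

const SAMPLE_LOG = <<<'LOG'
203.0.113.10 - - [10/Mar/2026:09:12:01 +0000] "GET /viewwork.php?enid=42 HTTP/1.1" 200 1832
203.0.113.10 - - [10/Mar/2026:09:12:07 +0000] "GET /viewwork.php?enid=43 HTTP/1.1" 200 1790
198.51.100.7 - - [10/Mar/2026:09:15:33 +0000] "GET /viewwork.php?enid=43%27 HTTP/1.1" 500 512
198.51.100.7 - - [10/Mar/2026:09:15:41 +0000] "GET /viewwork.php?enid=43abc HTTP/1.1" 200 1790
198.51.100.7 - - [10/Mar/2026:09:15:50 +0000] "GET /viewwork.php?enid= HTTP/1.1" 200 1204
203.0.113.22 - - [10/Mar/2026:09:20:00 +0000] "GET /index.php HTTP/1.1" 200 3011
LOG;

/**
 * Parse one common-log-format line into its parts; null if it does not match.
 */
function parseLogLine(string $line): ?array
{
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$/';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    return ['ip' => $m[1], 'time' => $m[2], 'method' => $m[3], 'target' => $m[4], 'status' => (int) $m[5]];
}

/**
 * A request is suspicious when the path is /viewwork.php and enid is present
 * but is not a positive integer (empty, non-numeric, or carrying extra
 * characters). parse_str URL-decodes the value before the check.
 */
function isSuspiciousViewworkRequest(string $target): bool
{
    if (parse_url($target, PHP_URL_PATH) !== '/viewwork.php') {
        return false;
    }
    parse_str(parse_url($target, PHP_URL_QUERY) ?? '', $params);
    if (!array_key_exists('enid', $params)) {
        return false;
    }
    $enid = $params['enid'];
    return !is_string($enid) || preg_match('/^[1-9][0-9]*$/', $enid) !== 1;
}

/** Return the suspicious entries, grouped by client IP. */
function scanAccessLog(string $logText): array
{
    $hits = [];
    foreach (preg_split('/\R/', trim($logText)) as $line) {
        $entry = parseLogLine($line);
        if ($entry !== null && isSuspiciousViewworkRequest($entry['target'])) {
            $hits[$entry['ip']][] = $entry;
        }
    }
    return $hits;
}

foreach (scanAccessLog(SAMPLE_LOG) as $ip => $entries) {
    printf("%s: %d suspicious request(s) to /viewwork.php\n", $ip, count($entries));
    foreach ($entries as $e) {
        printf("  [%s] %s %s -> %d\n", $e['time'], $e['method'], $e['target'], $e['status']);
    }
}
```

Run with `php scan.php` to see the three malformed requests from 198.51.100.7 grouped under that address; the two well-formed requests and the unrelated /index.php request are ignored. Keying on the expected type of the parameter rather than on known payload strings means the check does not need updating as attacker tooling changes.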
Update the Accounting System to a version later than 1.0, or apply a patch that fixes the SQL injection vulnerability in the /viewwork.php file. Validate and sanitize user input, especially the enid parameter, before using it in SQL queries.
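What the recommended fix looks like in PHP, as an added example rather than the project's own code: the handler validates enid as a positive integer and passes it to the database through a bound parameter, so the value can never be parsed as SQL. The table and column names (work, en_id, title) and the SQLite sample data are assumptions made for this demo; the advisory does not show the real schema.

```php
<?php
// Added example (not code from code-projects Accounting System): a hardened
// handler for the /viewwork.php?enid=... pattern the advisory describes.
// Table/column names and the SQLite sample rows are constructed for this demo.
declare(strict_types=1);

// The vulnerable pattern behind this class of bug is user input spliced
// directly into the query text, e.g.
//   $sql = "SELECT * FROM work WHERE en_id = " . $_GET['enid'];
// Whatever the parameter contains is then parsed as SQL. The two functions
// below replace that with type validation plus a bound parameter.

/** Return enid as a positive integer, or null if missing or malformed. */
function validateEnid(?string $raw): ?int
{
    if ($raw === null) {
        return null;
    }
    $value = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $value === false ? null : $value;
}

/** Fetch one record with a prepared statement; the id is bound, not concatenated. */
function fetchWorkById(PDO $db, int $enid): ?array
{
    $stmt = $db->prepare('SELECT en_id, title FROM work WHERE en_id = :enid');
    $stmt->bindValue(':enid', $enid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** In-memory SQLite with constructed rows; the real app would use its MySQL DSN. */
function openDemoDatabase(): PDO
{
    $db = new PDO('sqlite::memory:', null, null, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
    $db->exec('CREATE TABLE work (en_id INTEGER PRIMARY KEY, title TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO work (en_id, title) VALUES (:id, :title)');
    foreach ([[1, 'Q1 ledger review'], [2, 'Payroll reconciliation']] as [$id, $title]) {
        $ins->execute([':id' => $id, ':title' => $title]);
    }
    return $db;
}

// Request handling: take enid from the query string (or argv on the command
// line), reject anything that is not a positive integer, then query.
$raw = PHP_SAPI === 'cli' ? ($argv[1] ?? null) : ($_GET['enid'] ?? null);
$enid = validateEnid($raw);
if ($enid === null) {
    http_response_code(400);
    exit("Invalid enid parameter\n");
}

$work = fetchWorkById(openDemoDatabase(), $enid);
if ($work === null) {
    http_response_code(404);
    exit("No such record\n");
}
header('Content-Type: application/json');
echo json_encode($work, JSON_THROW_ON_ERROR), "\n";
```

`php viewwork_fixed.php 2` returns the second constructed row; `php viewwork_fixed.php 2abc` is rejected before any query runs. The prepared statement is the actual defence; the integer check in front of it is defence in depth and also gives the log scanner a clean definition of what a well-formed request is.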
SQL injection is a security vulnerability that allows attackers to insert malicious SQL code into database queries, potentially leading to unauthorized access, modification, or deletion of data.
A public exploit disclosure means that information on how to exploit the vulnerability is publicly available, increasing the risk of it being used by attackers.
Implement immediate mitigation measures, such as network segmentation and source code review. Proactively monitor system logs for suspicious activity.
Currently, there is no official fix available for CVE-2026-5035.
Implement secure development practices, conduct regular security audits, and adhere to the principle of least privilege.