Platform
php
Component
online-enrollment-system
Fixed in
1.0.1
CVE-2026-5534 represents a SQL Injection vulnerability discovered in the itsourcecode Online Enrollment System, specifically within the Parameter Handler component. Successful exploitation allows an attacker to inject malicious SQL code, potentially compromising the integrity and confidentiality of the database. This vulnerability affects versions 1.0.0 through 1.0 of the system. A fix is currently unavailable.
A SQL injection vulnerability has been identified in itsourcecode Online Enrollment System version 1.0 (CVE-2026-5534). This flaw resides within the 'Parameter Handler' component in the file /sms/user/index.php?view=edit&id=10, specifically concerning the manipulation of the 'USERID' argument. A remote attacker can exploit this vulnerability to inject malicious SQL code, potentially compromising the integrity and confidentiality of the database. The vulnerability's severity is rated as 7.3 according to CVSS, indicating a significant risk. The public availability of an exploit further exacerbates the situation, facilitating its use by malicious actors. The lack of a fix available implies that affected systems remain vulnerable until a patch is implemented.
The CVE-2026-5534 vulnerability is exploited through the manipulation of the 'USERID' parameter in the URL /sms/user/index.php?view=edit&id=10. An attacker can inject malicious SQL code into this parameter, which is then executed in the underlying database. The remote nature of the exploitation means that an attacker does not need physical access to the system to leverage this vulnerability. The public availability of an exploit greatly facilitates exploitation, increasing the risk of targeted attacks. The lack of proper authentication or authorization in handling the 'USERID' parameter is the root cause of this vulnerability.
Exploit Status
EPSS
0.04% (12% percentile)
CISA SSVC
CVSS Vector
Given the absence of an official fix for CVE-2026-5534, system administrators using itsourcecode Online Enrollment System 1.0 are strongly advised to take immediate steps to mitigate the risk. This includes, but is not limited to, isolating the affected system from the network, implementing firewalls to restrict access to /sms/user/index.php, and actively monitoring system logs for suspicious activity. Consideration should be given to upgrading to a more secure version of the system, if available, or implementing additional security measures, such as intrusion detection systems (IDS) and intrusion prevention systems (IPS). Thorough validation and sanitization of all user inputs are crucial to prevent future SQL injections.
Actualice el sistema Online Enrollment System a una versión corregida. Verifique y sanee las entradas del usuario en el archivo index.php para prevenir inyecciones SQL. Implemente consultas parametrizadas o procedimientos almacenados para interactuar con la base de datos de forma segura.
Vulnerability analysis and critical alerts directly to your inbox.
CVSS 7.3 indicates a high-severity vulnerability with a significant risk of exploitation.
Currently, there is no official fix provided by itsourcecode.
Isolate the system, restrict access to the vulnerable URL, monitor logs, and consider additional security measures.
It's an attack technique that allows attackers to inject malicious SQL code into a database through user inputs.
You can find more information on vulnerability databases such as NIST NVD.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.