Platform: php
Component: code-projects-online-application-system-for-admission
Fixed in: 1.0.1
A SQL Injection vulnerability has been identified in the Online Application System for Admission, version 1.0.0. The flaw resides in the processing of the /enrollment/admsnform.php endpoint and allows attackers to inject malicious SQL code. Successful exploitation could lead to unauthorized data access and manipulation, impacting the confidentiality and integrity of application data. The vulnerability has been publicly disclosed.
The SQL Injection vulnerability in Online Application System for Admission allows an attacker to inject arbitrary SQL queries into the application's database. This could enable them to bypass authentication mechanisms, retrieve sensitive data such as user credentials, application configurations, and student records. Depending on the database permissions, an attacker might even be able to modify or delete data, leading to denial of service or further compromise. The ability to execute arbitrary SQL commands remotely significantly increases the potential impact and blast radius of this vulnerability.
This vulnerability has been publicly disclosed, increasing the risk of exploitation. While no specific exploit details beyond the SQL Injection vector are currently available, the public nature of the disclosure means that attackers are likely actively seeking and developing exploits. Monitor security advisories and threat intelligence feeds for updates. The vulnerability is not currently listed on CISA KEV.
Exploit Status
EPSS: 0.01% (1% percentile)
The primary mitigation for CVE-2026-5649 is to upgrade to a patched version of the Online Application System for Admission. If an immediate upgrade is not feasible, implement temporary workarounds. These include deploying a Web Application Firewall (WAF) with rules to detect and block SQL Injection attempts targeting the /enrollment/admsnform.php endpoint. Input validation and sanitization on the server-side are also crucial to prevent malicious SQL code from reaching the database. Carefully review and restrict database user permissions to minimize the potential damage from a successful attack.
Update the module to the latest available version or apply security patches to mitigate the SQL Injection vulnerability. Review and sanitize user inputs in the file /enrollment/admsnform.php to prevent the execution of malicious SQL queries. Implement data validation and escaping to protect against future SQL Injection.
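One way to implement the server-side validation and escaping described above, as an added example that is not the project's own code. The field names, the `applications` table and the in-memory SQLite database are assumptions, since the advisory does not identify the affected parameter or the application's schema.

```php
<?php
declare(strict_types=1);

// Hypothetical field names: the advisory does not say which parameter is injectable.
function validate_admission(array $post): array
{
    $name   = is_string($post['fullname'] ?? null) ? trim($post['fullname']) : '';
    $email  = is_string($post['email'] ?? null) ? trim($post['email']) : '';
    $course = is_string($post['course_id'] ?? null) ? $post['course_id'] : '';
    $errors = [];
    // Allow-list: letters, spaces and common name punctuation (apostrophes included).
    if (!preg_match('/^[\p{L} .\'-]{1,100}$/u', $name)) { $errors[] = 'fullname'; }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) { $errors[] = 'email'; }
    // Numeric identifier: digits only, bounded length, cast to int before use.
    if (!ctype_digit($course) || strlen($course) > 9) { $errors[] = 'course_id'; }
    if ($errors !== []) {
        throw new InvalidArgumentException('Invalid fields: ' . implode(', ', $errors));
    }
    return ['fullname' => $name, 'email' => $email, 'course_id' => (int) $course];
}

function save_application(PDO $pdo, array $clean): int
{
    // Placeholders keep user-supplied values out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'INSERT INTO applications (fullname, email, course_id) VALUES (:fullname, :email, :course_id)'
    );
    $stmt->bindValue(':fullname', $clean['fullname'], PDO::PARAM_STR);
    $stmt->bindValue(':email', $clean['email'], PDO::PARAM_STR);
    $stmt->bindValue(':course_id', $clean['course_id'], PDO::PARAM_INT);
    $stmt->execute();
    return (int) $pdo->lastInsertId();
}

// Offline demo against an in-memory SQLite database (constructed schema and input).
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE applications (id INTEGER PRIMARY KEY, fullname TEXT, email TEXT, course_id INTEGER)');
$id = save_application($pdo, validate_admission(
    ['fullname' => "Siobhan O'Brien", 'email' => 'siobhan@example.org', 'course_id' => '12']
));
$check = $pdo->prepare('SELECT fullname FROM applications WHERE id = ?');
$check->execute([$id]);
echo $check->fetchColumn(), PHP_EOL; // a legitimate apostrophe is stored as plain data
try {
    validate_admission(['fullname' => 'A B', 'email' => 'a@example.org', 'course_id' => '12abc']);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL; // non-numeric course_id never reaches the database layer
}
```

Validation alone cannot reject every quote character without breaking real names, which is why the bound parameters, not the allow-list, are what prevent injection here.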
CVE-2026-5649 is a SQL Injection vulnerability affecting the Online Application System for Admission version 1.0.0, allowing attackers to manipulate database queries via the /enrollment/admsnform.php endpoint.
If you are using Online Application System for Admission version 1.0.0, you are potentially affected by this SQL Injection vulnerability. Assess your environment and implement mitigations immediately.
The recommended fix is to upgrade to a patched version of the Online Application System for Admission. Until then, implement WAF rules and input validation to mitigate the risk.
While no confirmed active exploitation has been publicly reported, the vulnerability has been disclosed, increasing the likelihood of exploitation attempts.
Refer to the vendor's official website or security advisory channels for the Online Application System for Admission for the latest information and updates regarding CVE-2026-5649.