Platform: php
Component: code-projects-online-application-system-for-admission
Fixed in: 1.0.1
A SQL Injection vulnerability has been identified in the Online Application System for Admission, affecting versions 1.0.0 through 1.0. This flaw allows attackers to manipulate the /enrollment/database/oas.sql file, potentially leading to the insecure storage of sensitive information. The vulnerability is remotely exploitable and a public exploit is available, increasing the risk of immediate compromise.
Successful exploitation of CVE-2026-5650 allows an attacker to inject malicious SQL code into the Online Application System for Admission database queries. This can result in unauthorized access to, modification of, or deletion of sensitive data, including user credentials, application data, and potentially system configuration information. The remote nature of the vulnerability means an attacker does not need local access to the system to exploit it. Given the public availability of an exploit, the potential for widespread compromise is significant, particularly for systems with weak security configurations or inadequate input validation.
CVE-2026-5650 is a publicly disclosed vulnerability with a known proof-of-concept exploit available, which significantly increases the likelihood of exploitation. The vulnerability was published on 2026-04-06. The availability of a public exploit suggests a moderate to high probability of active exploitation, especially given the relatively low complexity of SQL injection attacks.
EPSS: 0.04% (12% percentile)
The primary mitigation for CVE-2026-5650 is to upgrade to a patched version of the Online Application System for Admission as soon as it becomes available. Until a patch is applied, implement strict input validation on all data submitted to the /enrollment/database/oas.sql endpoint. Utilize parameterized queries or prepared statements to prevent SQL injection attacks. Consider implementing a Web Application Firewall (WAF) with SQL injection protection rules to block malicious requests. Regularly review database access logs for suspicious activity.
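One way to carry out the log review recommended above, as an added example that is not code from the project or the advisory: it scans web server access log lines for requests to the path the advisory names and labels each hit. The use of web server logs in Combined Log Format, the indicator patterns, the `id` parameter and every sample line are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote, unquote_plus

# Path named in the advisory.
WATCHED_PATH = "/enrollment/database/oas.sql"

# Common/Combined Log Format prefix (assumed log format).
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Coarse SQL injection indicators (assumed patterns), checked after URL-decoding.
SQLI_RE = re.compile(
    r"('|--|/\*|\bunion\b.+\bselect\b|\bor\b\s+\d+\s*=\s*\d+|\bsleep\s*\()",
    re.IGNORECASE,
)

def review(lines):
    """Return (host, time, status, reasons) for each request to WATCHED_PATH."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        parts = urlsplit(m["target"])
        # Decode and lowercase so encoded or mixed-case variants still match.
        path = unquote(parts.path).lower()
        if path != WATCHED_PATH:
            continue
        reasons = []
        if m["status"].startswith("2"):
            reasons.append("served")        # the file was actually returned
        if SQLI_RE.search(unquote_plus(parts.query)):
            reasons.append("sqli-pattern")  # injection-style query string
        findings.append((m["host"], m["time"], int(m["status"]), reasons or ["probe"]))
    return findings

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [06/Apr/2026:10:00:01 +0000] "GET /enrollment/index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [06/Apr/2026:10:02:13 +0000] "GET /enrollment/database/oas.sql HTTP/1.1" 200 48213',
    '203.0.113.5 - - [06/Apr/2026:10:05:44 +0000] "GET /enrollment/database/oas.sql?id=1%27%20OR%201%3D1--%20 HTTP/1.1" 403 199',
    '203.0.113.5 - - [06/Apr/2026:10:05:50 +0000] "GET /enrollment/database/OAS.SQL HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

A "served" finding means the server returned the file and warrants immediate follow-up; "probe" and "sqli-pattern" entries that were blocked are still worth correlating by source address.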
Update the system to a corrected version that resolves the insecure storage of sensitive information vulnerability. Consult the vendor documentation or release notes for specific upgrade instructions.
CVE-2026-5650 is a SQL Injection vulnerability affecting versions 1.0.0–1.0 of the Online Application System for Admission. It allows attackers to manipulate database queries via the /enrollment/database/oas.sql file.
If you are using Online Application System for Admission versions 1.0.0–1.0, you are potentially affected. Check your system and apply the recommended mitigation steps immediately.
The primary fix is to upgrade to a patched version of the Online Application System for Admission. Until then, implement strict input validation and parameterized queries.
Due to the public availability of a proof-of-concept exploit, CVE-2026-5650 is likely being actively exploited. Prompt action is crucial.
Refer to the Online Application System project's official website or security advisory page for the latest information and updates regarding CVE-2026-5650.