UNKNOWN CVE-2026-5537

CVE-2026-5537: CourseSEL SQL Injection (1.0.0-1.1.0)

Platform: php

Component: course-sel

CVE-2026-5537 is a SQL injection vulnerability in halex CourseSEL versions 1.0.0 through 1.1.0. The flaw is in the `check_sel` function of the HTTP GET Parameter Handler component, in `Apps/Index/Controller/IndexController.class.php`. Successful exploitation allows remote attackers to inject malicious SQL code, potentially compromising the application's data integrity. A patch addressing this vulnerability is available.

How to fix

Update the CourseSEL module to a fixed version that resolves the SQL injection vulnerability in the `seid` parameter. Contact the vendor for information about fixed versions, as they have not responded to security notifications. As a preventive measure, validate and escape all user input to prevent future SQL injections.
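The preventive measure above, applied to the `seid` parameter, as an added example that is not CourseSEL's own code: allow-list validation followed by a bound parameter. The `selection` table, the helper names `parse_seid` and `check_sel_safe`, and the premise that `seid` is a positive integer id are assumptions; it needs PHP 8 with `pdo_sqlite`.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: the page does not show CourseSEL's tables or queries.
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE selection (seid INTEGER PRIMARY KEY, course TEXT)');
    $pdo->exec("INSERT INTO selection VALUES (1, 'Algebra'), (2, 'Physics')");
    return $pdo;
}

// Step 1: allow-list validation. Assumes seid is a positive integer id.
// Capped at 9 digits so the cast below cannot overflow a 32-bit int.
function parse_seid(mixed $raw): ?int
{
    if (!is_string($raw) || !preg_match('/\A[1-9][0-9]{0,8}\z/', $raw)) {
        return null;   // arrays (seid[]=...), empty, signed, or non-digit input
    }
    return (int) $raw;
}

// Step 2: bind the value; it is never concatenated into the SQL text.
function check_sel_safe(PDO $pdo, mixed $rawSeid): ?array
{
    $seid = parse_seid($rawSeid);
    if ($seid === null) {
        return null;   // a real handler should answer HTTP 400 here
    }
    $stmt = $pdo->prepare('SELECT seid, course FROM selection WHERE seid = :seid');
    $stmt->bindValue(':seid', $seid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs standing in for $_GET['seid'].
$pdo = demo_db();
foreach (['2', '1 OR 1=1', '', ['2'], '99'] as $input) {
    $row = check_sel_safe($pdo, $input);
    printf("%-12s => %s\n", json_encode($input), $row ? $row['course'] : 'rejected or not found');
}
```

Validation alone is not the control: the bound parameter is what keeps the value out of the SQL text, and the allow-list limits what reaches the database layer at all.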

Frequently asked questions

What is CVE-2026-5537?

CVE-2026-5537 is a SQL Injection vulnerability affecting CourseSEL versions 1.0.0 to 1.1.0. It allows attackers to inject malicious SQL code through the `seid` parameter, potentially leading to data breaches.

Am I affected by CVE-2026-5537?

You are potentially affected if you are using CourseSEL versions 1.0.0 or 1.1.0. It's crucial to assess your environment and apply the available patch if you are using these versions.

How do I fix CVE-2026-5537?

Update CourseSEL to a patched version that addresses this SQL Injection vulnerability. Refer to the vendor's documentation for specific update instructions.
