CVE-2026-5534

HIGH CVSS 7.3 View on NVD ↗

Description

A vulnerability was identified in itsourcecode Online Enrollment System 1.0. This affects an unknown function of the file /sms/user/index.php?view=edit&id=10 of the component Parameter Handler. Such manipulation of the argument USERID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

References

https://github.com/ldan42008-ux/cve/issues/2
https://itsourcecode.com/
https://vuldb.com/submit/782185
https://vuldb.com/vuln/355287
https://vuldb.com/vuln/355287/cti

Published: Apr 05, 2026 03:16 UTC Modified: Apr 05, 2026 03:16 UTC