Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
halex CourseSEL Unsecured Data Input in GET Requests
CVE-2026-5537
Summary
A security flaw in halex CourseSEL allows attackers to inject malicious SQL code when using a specific parameter in a GET request. This could potentially allow unauthorized access to sensitive data. Update to the latest version of halex CourseSEL to fix this issue.
Original title
A security vulnerability has been detected in halex CourseSEL up to 1.1.0. Affected by this vulnerability is the function check_sel of the file Apps/Index/Controller/IndexController.class.php of th...
Original description
A security vulnerability has been detected in halex CourseSEL up to 1.1.0. Affected by this vulnerability is the function check_sel of the file Apps/Index/Controller/IndexController.class.php of the component HTTP GET Parameter Handler. The manipulation of the argument seid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
6.5
nvd CVSS3.1
6.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-74
Injection
CWE-89
SQL Injection
Published: 5 Apr 2026 · Updated: 5 Apr 2026 · First seen: 5 Apr 2026