Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.9
itsourcecode Online Enrollment System: SQL Injection Risk Through Malicious User ID
CVE-2026-5534
Summary
The itsourcecode Online Enrollment System has a security flaw that allows an attacker to manipulate user data through a maliciously crafted user ID. This could lead to unauthorized access to sensitive information. To protect your system, update the Parameter Handler component to the latest version or apply a patch to prevent this type of attack.
Original title
A vulnerability was identified in itsourcecode Online Enrollment System 1.0. This affects an unknown function of the file /sms/user/index.php?view=edit&id=10 of the component Parameter Handler. Suc...
Original description
A vulnerability was identified in itsourcecode Online Enrollment System 1.0. This affects an unknown function of the file /sms/user/index.php?view=edit&id=10 of the component Parameter Handler. Such manipulation of the argument USERID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.
nvd CVSS2.0
7.5
nvd CVSS3.1
7.3
nvd CVSS4.0
6.9
Vulnerability type
CWE-74
Injection
CWE-89
SQL Injection
Published: 5 Apr 2026 · Updated: 5 Apr 2026 · First seen: 5 Apr 2026