CVE-2026-5534

HIGH NVD

CVSS Score 7.3

Severity HIGH

Published Apr 05, 2026

Vendor unknown

Description

A vulnerability was identified in itsourcecode Online Enrollment System 1.0. This affects an unknown function of the file /sms/user/index.php?view=edit&id=10 of the component Parameter Handler. Such manipulation of the argument USERID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.

References

https://github.com/ldan42008-ux/cve/issues/2
https://itsourcecode.com/
https://vuldb.com/submit/782185
https://vuldb.com/vuln/355287
https://vuldb.com/vuln/355287/cti