high advisory

SQL Injection Vulnerability in code-projects Accounting System 1.0 (CVE-2026-5150)

A remote SQL injection vulnerability (CVE-2026-5150) exists in code-projects Accounting System 1.0 via manipulation of the 'cos_id' argument in /viewin_costumer.php, potentially allowing attackers to execute arbitrary SQL commands.

A critical security vulnerability, identified as CVE-2026-5150, has been discovered in code-projects Accounting System version 1.0. The vulnerability resides within the Parameter Handler component, specifically affecting the ‘/viewin_costumer.php’ file. By maliciously manipulating the ‘cos_id’ argument, a remote attacker can inject arbitrary SQL commands into the application’s database queries. Given the public disclosure of this exploit, the risk of exploitation is elevated. Successful…

Detection coverage 2

Detect Suspicious SQL Injection Attempts in code-projects Accounting System

high

Detects potential SQL injection attempts targeting the /viewin_costumer.php endpoint by looking for common SQL syntax within the cos_id parameter.

sigma | tactics: initial_access | techniques: T1190 | sources: webserver, linux

Detect Suspicious SQL Injection Error Messages

medium

Detects potential SQL injection attempts by looking for SQL error messages in the web server logs. This can be indicative of successful or attempted SQL injection attacks.

sigma | tactics: initial_access | techniques: T1190 | sources: webserver, linux
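
The logic of the first rule, sketched as an added example (not the platform's rule and not code from this advisory): it scans web server access logs for requests to /viewin_costumer.php whose cos_id value contains SQL syntax. The combined log format, the token list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

TARGET_PATH = "/viewin_costumer.php"   # endpoint named in the advisory
PARAM = "cos_id"                       # parameter named in the advisory

# Client address and request target of a combined-format log entry (assumed format).
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Assumed token list for "common SQL syntax": quotes, comment markers,
# statement separators and a few keywords.
SQL_TOKENS = re.compile(
    r"""['";]|--|\#|/\*|\b(?:union|select|sleep|benchmark|or|and)\b""",
    re.IGNORECASE,
)

def suspicious_cos_id(log_line):
    """Return (client, decoded_value) if cos_id carries SQL syntax, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    client, target = m.groups()
    url = urlsplit(target)
    # endswith() also covers installs under a sub-directory.
    if not url.path.lower().endswith(TARGET_PATH):
        return None
    for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
        value = unquote_plus(raw)  # second decode catches double encoding
        if SQL_TOKENS.search(value):
            return client, value
    return None

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2026:10:00:00 +0000] "GET /viewin_costumer.php?cos_id=12 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2026:10:00:05 +0000] "GET /viewin_costumer.php?cos_id=12%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 4096 "-" "curl/8.0"',
    '198.51.100.7 - - [01/Jan/2026:10:00:09 +0000] "GET /acct/viewin_costumer.php?cos_id=12%2527-- HTTP/1.1" 500 87 "-" "curl/8.0"',
    '192.0.2.44 - - [01/Jan/2026:10:01:00 +0000] "GET /search.php?q=select+a+plan HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

def scan(lines):
    """Return every (client, value) hit found in the given log lines."""
    return [hit for hit in map(suspicious_cos_id, lines) if hit]

if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"ALERT {client} cos_id={value!r}")
```

Access logs record only the query string, so a cos_id value sent in a request body needs WAF or application-level logging to be visible to this kind of check.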
