high advisory

code-projects Online FIR System SQL Injection Vulnerability

A SQL injection vulnerability in code-projects Online FIR System 1.0 allows remote attackers to execute arbitrary SQL commands by manipulating the email or password parameters in the /Login/checklogin.php file.

A SQL injection vulnerability has been identified in code-projects Online FIR System version 1.0. The vulnerability resides within the /Login/checklogin.php file, specifically affecting the login component. An attacker can remotely exploit this vulnerability by manipulating the email or password parameters within a request. The vulnerability has been assigned CVE-2026-5665 and given a CVSS v3.1 score of 7.3, indicating a high severity. Public exploits exist, meaning defenders should prioritize detection and mitigation measures. This vulnerability poses a significant risk to organizations using the affected software, as successful exploitation could lead to data breaches, account takeover, or other unauthorized access.

Attack Chain

  1. An attacker identifies a vulnerable instance of code-projects Online FIR System 1.0.
  2. The attacker crafts a malicious HTTP request targeting the /Login/checklogin.php endpoint.
  3. The request includes SQL injection payloads within the email or password parameters.
  4. The application fails to properly sanitize the input, passing the malicious payload to the database.
  5. The database executes the injected SQL code, allowing the attacker to read, modify, or delete data.
  6. The attacker may extract sensitive information such as user credentials or financial records.
  7. The attacker could use the extracted credentials to gain unauthorized access to user accounts.
  8. The attacker could escalate privileges within the system, potentially gaining full control of the application and underlying server.

Impact

Successful exploitation of this SQL injection vulnerability can have severe consequences. An attacker could gain unauthorized access to sensitive data, including user credentials, personal information, and financial records. This can lead to identity theft, financial loss, and reputational damage. The number of potential victims depends on the number of installations of the vulnerable Online FIR System. The targeted sectors are unknown, but any organization using this system is at risk.

Recommendation

  • Inspect web server logs for suspicious POST requests to /Login/checklogin.php containing SQL injection attempts using the provided Sigma rule.
  • Apply input validation and sanitization to the email and password parameters in /Login/checklogin.php to prevent SQL injection.
  • Monitor network traffic for connections to or from the known malicious URLs listed in the IOC table.
  • Consider implementing a web application firewall (WAF) rule to block known SQL injection patterns.

Detection coverage 2

Detect SQL Injection Attempts in Online FIR System Login

high

Detects potential SQL injection attempts targeting the /Login/checklogin.php endpoint by searching for common SQL injection keywords in the email or password parameters.

sigma tactics: initial_access techniques: T1190 sources: webserver, linux

Detect Exploitation of code-projects Online FIR System SQL Injection

critical

Detects possible exploitation of the SQL injection vulnerability in code-projects Online FIR System 1.0.

sigma tactics: initial_access techniques: T1190 sources: webserver, linux
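
The logic described for the first rule above (SQL injection keywords in the email or password parameters of requests to /Login/checklogin.php) can be sketched as follows. This is an added example, not the platform's Sigma rule; the log layout with a body="..." field and the keyword list are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/Login/checklogin.php"   # endpoint named in the advisory
PARAMS = ("email", "password")       # parameters named in the advisory

# Assumed log layout: combined-style request line plus a body="..." field
# holding the URL-encoded POST body (not present in default access logs).
LINE = re.compile(r'"[A-Z]+ (?P<uri>\S+) [^"]*" \d{3} \S+(?: body="(?P<body>[^"]*)")?')

# Assumed keyword set; tune to your traffic. A quote is required before
# comment tokens so passwords such as "Spring--2026#" are not flagged.
SQLI = re.compile("|".join([
    r"'\s*(?:or|and)\b",                      # quote breakout into a boolean
    r"\bunion\b.+\bselect\b",                 # UNION-based extraction
    r"'.*(?:--|#|/\*)",                       # quote followed by a comment token
    r"\b(?:sleep|benchmark)\s*\(",            # time-delay functions
    r";\s*(?:drop|insert|update|delete)\b",   # stacked statements
]), re.IGNORECASE)

def suspicious_params(line):
    """Names of login parameters whose decoded value matches SQLI."""
    m = LINE.search(line)
    if not m:
        return []
    url = urlsplit(m["uri"])
    if url.path.lower() != ENDPOINT.lower():
        return []
    fields = parse_qs(url.query, keep_blank_values=True)
    for key, values in parse_qs(m["body"] or "", keep_blank_values=True).items():
        fields.setdefault(key, []).extend(values)
    return sorted(p for p in PARAMS
                  if any(SQLI.search(v) for v in fields.get(p, [])))

def scan(lines):
    """Return (line_number, parameter_names) for every flagged line."""
    hits = [(n, suspicious_params(l)) for n, l in enumerate(lines, 1)]
    return [(n, params) for n, params in hits if params]

# Constructed sample records (documentation IPs, not real traffic).
SAMPLE = [
    '198.51.100.4 - - [01/Jan/2026:10:00:01 +0000] "POST /Login/checklogin.php HTTP/1.1" 200 512 body="email=alice%40example.org&password=Spring--2026%23"',
    '203.0.113.9 - - [01/Jan/2026:10:00:07 +0000] "POST /Login/checklogin.php HTTP/1.1" 200 498 body="email=admin%27+OR+%271%27%3D%271&password=x"',
    '203.0.113.9 - - [01/Jan/2026:10:00:09 +0000] "POST /Login/checklogin.php HTTP/1.1" 200 498 body="email=a%40example.org&password=%27+UNION+SELECT+1--+"',
    '203.0.113.9 - - [01/Jan/2026:10:00:12 +0000] "POST /index.php HTTP/1.1" 200 120 body="email=admin%27+OR+%271%27%3D%271"',
]

if __name__ == "__main__":
    for n, params in scan(SAMPLE):
        print(f"line {n}: suspicious {', '.join(params)}")
```

Default Apache and nginx access logs do not record POST bodies, so this check needs a source that does, such as a WAF or audit log.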

Detection queries are kept inside the platform.

Indicators of compromise

1 email, 5 url

Type    Value
url     https://code-projects.org/
url     https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/SQL%20Injection%20in%20Online%20FIR%20System%20PHP%20email%20Parameter.md
url     https://vuldb.com/submit/786310
url     https://vuldb.com/vuln/355488
url     https://vuldb.com/vuln/355488/cti
email   [email protected]