{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-5334/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-5334"}],"_cs_exploited":true,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["sql-injection","web-application","cve-2026-5334"],"_cs_type":"threat","_cs_vendors":[],"content_html":"\u003cp\u003eA SQL injection vulnerability has been identified in itsourcecode Online Enrollment System version 1.0. The vulnerability resides within the Parameter Handler component of the application, specifically affecting the \u003ccode\u003e/enrollment/index.php\u003c/code\u003e endpoint. By manipulating the \u003ccode\u003edeptid\u003c/code\u003e argument, a remote attacker can inject malicious SQL queries, potentially leading to unauthorized data access, modification, or even remote code execution. This vulnerability is particularly concerning because a public exploit is available, increasing the likelihood of active exploitation. Defenders should prioritize patching or mitigating this vulnerability to prevent potential compromise of their systems. The scope of impact includes any system running the vulnerable version of itsourcecode Online Enrollment System.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a vulnerable instance of itsourcecode Online Enrollment System 1.0.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting \u003ccode\u003e/enrollment/index.php?view=edit\u0026amp;id=3\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker injects SQL code into the \u003ccode\u003edeptid\u003c/code\u003e parameter of the HTTP request.\u003c/li\u003e\n\u003cli\u003eThe web server processes the request and passes the tainted \u003ccode\u003edeptid\u003c/code\u003e parameter to the SQL query.\u003c/li\u003e\n\u003cli\u003eThe injected SQL code is executed against the database, allowing the attacker to bypass authentication or access sensitive data.\u003c/li\u003e\n\u003cli\u003eThe attacker may escalate the attack by attempting to execute arbitrary commands on the server.\u003c/li\u003e\n\u003cli\u003eSuccessful exploitation allows the attacker to dump database contents, modify enrollment records, or gain administrative access.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability could lead to complete compromise of the Online Enrollment System. This includes unauthorized access to sensitive student data, modification of enrollment records, and potentially remote code execution on the server. Given that a public exploit exists, organizations using the vulnerable software are at high risk of experiencing data breaches, financial losses, and reputational damage. The potential victim count depends on the number of installations of the affected Online Enrollment System.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInspect web server logs for suspicious POST requests to \u003ccode\u003e/enrollment/index.php\u003c/code\u003e containing potentially malicious SQL syntax within the \u003ccode\u003edeptid\u003c/code\u003e parameter to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect SQL Injection Attempt via deptid Parameter\u003c/code\u003e to detect exploitation attempts targeting the vulnerable endpoint.\u003c/li\u003e\n\u003cli\u003eBlock requests to \u003ccode\u003e/enrollment/index.php?view=edit\u0026amp;id=3\u003c/code\u003e containing SQL keywords in the \u003ccode\u003edeptid\u003c/code\u003e parameter at the WAF or reverse proxy.\u003c/li\u003e\n\u003cli\u003eApply input validation and sanitization to the \u003ccode\u003edeptid\u003c/code\u003e parameter within the application code to prevent SQL injection attacks in the future.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-02T14:16:37Z","date_published":"2026-04-02T14:16:37Z","id":"/briefs/2026-04-online-enrollment-sql-injection/","summary":"A SQL injection vulnerability exists in itsourcecode Online Enrollment System 1.0 within the Parameter Handler component at /enrollment/index.php, where manipulating the deptid argument can lead to remote code execution, with public exploits available.","title":"SQL Injection Vulnerability in itsourcecode Online Enrollment System 1.0","url":"https://feed.craftedsignal.io/briefs/2026-04-online-enrollment-sql-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-5334","version":"https://jsonfeed.org/version/1.1"}