{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-5665/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-5665"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["sqli","cve-2026-5665","web-application"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA SQL injection vulnerability has been identified in code-projects Online FIR System version 1.0. The vulnerability resides within the \u003ccode\u003e/Login/checklogin.php\u003c/code\u003e file, specifically affecting the login component. An attacker can remotely exploit this vulnerability by manipulating the \u003ccode\u003eemail\u003c/code\u003e or \u003ccode\u003epassword\u003c/code\u003e parameters within a request. The vulnerability has been assigned CVE-2026-5665 and given a CVSS v3.1 score of 7.3, indicating a high severity. Public exploits exist, meaning defenders should prioritize detection and mitigation measures. This vulnerability poses a significant risk to organizations using the affected software, as successful exploitation could lead to data breaches, account takeover, or other unauthorized access.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a vulnerable instance of code-projects Online FIR System 1.0.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request targeting the \u003ccode\u003e/Login/checklogin.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe request includes SQL injection payloads within the \u003ccode\u003eemail\u003c/code\u003e or \u003ccode\u003epassword\u003c/code\u003e parameters.\u003c/li\u003e\n\u003cli\u003eThe application fails to properly sanitize the input, passing the malicious payload to the database.\u003c/li\u003e\n\u003cli\u003eThe database executes the injected SQL code, allowing the attacker to read, modify, or delete data.\u003c/li\u003e\n\u003cli\u003eThe attacker may extract sensitive information such as user credentials or financial records.\u003c/li\u003e\n\u003cli\u003eThe attacker could use the extracted credentials to gain unauthorized access to user accounts.\u003c/li\u003e\n\u003cli\u003eThe attacker could escalate privileges within the system, potentially gaining full control of the application and underlying server.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability can have severe consequences. An attacker could gain unauthorized access to sensitive data, including user credentials, personal information, and financial records. This can lead to identity theft, financial loss, and reputational damage. The number of potential victims depends on the number of installations of the vulnerable Online FIR System. The targeted sectors are unknown, but any organization using this system is at risk.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eInspect web server logs for suspicious POST requests to \u003ccode\u003e/Login/checklogin.php\u003c/code\u003e containing SQL injection attempts using the provided Sigma rule.\u003c/li\u003e\n\u003cli\u003eApply input validation and sanitization to the \u003ccode\u003eemail\u003c/code\u003e and \u003ccode\u003epassword\u003c/code\u003e parameters in \u003ccode\u003e/Login/checklogin.php\u003c/code\u003e to prevent SQL injection.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for connections to or from the known malicious URLs listed in the IOC table.\u003c/li\u003e\n\u003cli\u003eConsider implementing a web application firewall (WAF) rule to block known SQL injection patterns.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-06T16:16:41Z","date_published":"2026-04-06T16:16:41Z","id":"/briefs/2026-04-online-fir-sqli/","summary":"A SQL injection vulnerability in code-projects Online FIR System 1.0 allows remote attackers to execute arbitrary SQL commands by manipulating the email or password parameters in the /Login/checklogin.php file.","title":"code-projects Online FIR System SQL Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-04-online-fir-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-5665","version":"https://jsonfeed.org/version/1.1"}