EUVD-2026-14738
GHSA-763j-4r42-mhxh
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
4Description
A weakness has been identified in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/user/index.php?view=add of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.
Analysis
SQL injection in itsourcecode Online Enrollment System 1.0 allows unauthenticated remote attackers to manipulate the Name parameter in /sms/user/index.php?view=add, potentially enabling unauthorized data access, modification, or deletion. Public exploit code exists for this vulnerability, increasing risk of active exploitation. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Take the affected enrollment system offline or restrict network access to authorized personnel only; notify all stakeholders of the service disruption. Within 7 days: Deploy compensating controls including WAF rules to block SQL injection patterns, implement input validation at the application layer, and conduct forensic analysis for signs of exploitation. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today