CVE-2026-5666

| EUVD-2026-19364 MEDIUM
2026-04-06 VulDB GHSA-jhff-3rr5-hh56
5.5
CVSS 4.0
Share

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
PoC Detected
Apr 07, 2026 - 13:20 vuln.today
Public exploit code
Analysis Generated
Apr 06, 2026 - 16:00 vuln.today
EUVD ID Assigned
Apr 06, 2026 - 16:00 euvd
EUVD-2026-19364
CVE Published
Apr 06, 2026 - 15:30 nvd
MEDIUM 5.5

Tags

Information Disclosure

Description

A vulnerability was detected in code-projects Online FIR System 1.0. Affected by this issue is some unknown functionality of the file /complaints.sql of the component SQL Database Backup File Handler. The manipulation results in insecure storage of sensitive information. The attack may be performed from remote. The exploit is now public and may be used.

Analysis

Code-Projects Online FIR System 1.0 stores sensitive database backup files insecurely, allowing unauthenticated remote attackers to access the /complaints.sql backup file and disclose confidential information. The CVSS 5.5 score reflects low confidentiality impact but network-accessible exposure; publicly available exploit code exists, elevating practical risk despite the moderate score.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

48
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +28
POC: +20

Share

CVE-2026-5666 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy