EUVD-2026-12403
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
4Description
A weakness has been identified in itsourcecode Online Enrollment System 1.0. This issue affects some unknown processing of the file /sms/login.php. This manipulation of the argument user_email causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.
Analysis
SQL injection in itsourcecode Online Enrollment System 1.0 allows unauthenticated remote attackers to manipulate the user_email parameter in /sms/login.php and execute arbitrary database queries. Public exploit code exists for this vulnerability, enabling attackers to read, modify, or delete sensitive enrollment data without authentication. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Isolate affected systems from production, disable the /sms/login.php endpoint if possible, and alert relevant stakeholders. Within 7 days: Deploy Web Application Firewall (WAF) rules to block SQL injection patterns, implement input validation, and conduct a database audit for unauthorized access. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today