CVE-2026-5034
CVE-2026-5034
5.5
MediumPublished:
Last updated:
Source:cna@vuldb.com
Analyzed
Weakness (CWE)
CVSS Vector
v4.0- Attack Vector
- Network
- Attack Complexity
- Low
- Attack Requirements
- None
- Privileges Required
- None
- User Interaction
- None
- Confidentiality (Vulnerable)
- Low
- Integrity (Vulnerable)
- Low
- Availability (Vulnerable)
- Low
- Confidentiality (Subsequent)
- None
- Integrity (Subsequent)
- None
- Availability (Subsequent)
- None
Description
A flaw has been found in code-projects Accounting System 1.0. Affected by this issue is some unknown functionality of the file /edit_costumer.php of the component Parameter Handler. This manipulation of the argument cos_id causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.
References
cna@vuldb.com
https://code-projects.org/cna@vuldb.com
https://github.com/Xu-Zhihan/CVE/issues/7cna@vuldb.com
https://vuldb.com/submit/778594cna@vuldb.com
https://vuldb.com/vuln/353960cna@vuldb.com
https://vuldb.com/vuln/353960/cti