Cyber Resilience

CVE-2026-5334

Severity: Medium · Public PoC available

Published: 02 April 2026
Modified: 06 April 2026
CVSS v4 score: 6.9 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0037 (28.8th percentile)
Risk Priority: 35 (floored blend · peak EPSS)

Summary

CVE-2026-5334 is a medium-severity Injection (CWE-74) vulnerability in Itsourcecode Online Enrollment System. Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 28.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-5334 is a SQL injection vulnerability (CWE-74, CWE-89) affecting itsourcecode Online Enrollment System 1.0. The flaw resides in an unknown function within the Parameter Handler component, specifically in the file /enrollment/index.php?view=edit&id=3, where manipulation of the 'deptid' argument enables injection. Published on 2026-04-02, it carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating high severity due to its network accessibility and low exploitation barriers.

Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation allows limited impacts: low-level confidentiality breaches (e.g., unauthorized data disclosure), integrity modifications (e.g., data tampering), and availability disruptions (e.g., denial of service).

Advisories referenced in VulDB entries (e.g., vuln/354668) and a GitHub issue in yuji0903/silver-guide document the issue and note that a public exploit is available, increasing the risk of attacks; security practitioners should review these sources, including the vendor site at itsourcecode.com, for any patch or mitigation recommendations.

The public availability of the exploit underscores the need for immediate scanning and patching of exposed instances, as it could facilitate real-world attacks on unmaintained deployments.


Vulnerability details

A weakness has been identified in itsourcecode Online Enrollment System 1.0. Affected is an unknown function of the file /enrollment/index.php?view=edit&id=3 in the Parameter Handler component. Manipulation of the argument deptid leads to SQL injection. The attack can be carried out remotely. The exploit has been made available to the public and could be used for attacks.


MITRE ATT&CK Enterprise Techniques (AI-assigned)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why this technique?

SQL injection in a publicly accessible web application (Online Enrollment System) with no authentication required directly enables remote exploitation of the public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-1176 (same vendor: Itsourcecode)
CVE-2026-2012 (same vendor: Itsourcecode)
CVE-2026-2014 (same vendor: Itsourcecode)
CVE-2026-3730 (same vendor: Itsourcecode)
CVE-2026-2190 (same vendor: Itsourcecode)
CVE-2026-2013 (same vendor: Itsourcecode)
CVE-2026-2073 (same vendor: Itsourcecode)
CVE-2026-2011 (same vendor: Itsourcecode)
CVE-2026-0544 (same vendor: Itsourcecode)
CVE-2026-2018 (same vendor: Itsourcecode)

Affected Assets

Vendor: itsourcecode
Product: Online Enrollment System
Version: 1.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5, AI-assigned)

Prevent: SI-10 (Information Input Validation)
Directly requires validation of untrusted inputs such as the 'deptid' parameter to prevent SQL injection attacks in the Parameter Handler.

Prevent: SI-2 (Flaw Remediation)
Mandates timely identification, reporting, and remediation of the specific SQL injection flaw in /enrollment/index.php?view=edit&id=3.

Detect / Respond
Enables regular vulnerability scanning to detect and initiate remediation for SQL injection vulnerabilities such as CVE-2026-5334.
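The following is an added illustration of the SI-10 input validation control described above, applied to the 'deptid' parameter named in the deeper analysis. It is not code from the Online Enrollment System (which is PHP; its real query and schema are not given on this page) but a self-contained Python/sqlite3 model: a constructed departments table, the string-concatenation anti-pattern that the flaw class (CWE-89) describes, and a hardened lookup that allow-lists the parameter as a short decimal integer and binds it as a query parameter. The table contents, the function names and the crafted input value are all constructed for the example.

```python
import re
import sqlite3


def make_db():
    # Constructed sample table; stands in for whatever department table the
    # real application queries (the page gives no schema).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE departments (deptid INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO departments VALUES (?, ?)",
        [(1, "Computer Science"), (2, "Nursing"), (3, "Education")],
    )
    conn.commit()
    return conn


def lookup_department_unsafe(conn, deptid):
    # Anti-pattern (CWE-89): the request parameter is spliced straight into the
    # SQL text, so any value that is not a plain integer changes the query's
    # structure instead of being treated as data.
    sql = "SELECT deptid, name FROM departments WHERE deptid = " + deptid
    return conn.execute(sql).fetchall()


# SI-10 style allow-list: deptid must be a short, unsigned decimal integer.
DEPTID_RE = re.compile(r"[0-9]{1,9}")


def validate_deptid(raw):
    # Reject anything that is not exactly a decimal integer before it reaches SQL.
    if not isinstance(raw, str) or DEPTID_RE.fullmatch(raw) is None:
        raise ValueError("deptid must be a positive integer")
    return int(raw)


def lookup_department_safe(conn, raw_deptid):
    deptid = validate_deptid(raw_deptid)
    # Parameter binding is the second layer: even if validation were bypassed,
    # the driver sends the value separately from the SQL text.
    return conn.execute(
        "SELECT deptid, name FROM departments WHERE deptid = ?", (deptid,)
    ).fetchall()


def demo():
    conn = make_db()
    # Constructed non-integer value that widens the WHERE clause when concatenated.
    crafted = "3 OR 1=1"
    unsafe_rows = lookup_department_unsafe(conn, crafted)
    try:
        lookup_department_safe(conn, crafted)
        rejected = False
    except ValueError:
        rejected = True
    safe_rows = lookup_department_safe(conn, "3")
    return {
        "unsafe_row_count": len(unsafe_rows),   # every row comes back
        "crafted_rejected": rejected,           # hardened path refuses the value
        "safe_rows": safe_rows,                 # only the requested department
    }


if __name__ == "__main__":
    print(demo())
```

The two layers are deliberately independent: the allow-list blocks malformed input at the edge and gives a clean, loggable rejection (a spike in such rejections on this endpoint is itself a useful detection signal), while parameter binding keeps the query structure fixed regardless of what reaches it.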

References