Description
A vulnerability was identified in itsourcecode Online Cellphone System 1.0. Affected by this vulnerability is an unknown functionality of the file /cp/available.php of the component Parameter Handler. Such manipulation of the argument Name leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.
Published: 2026-04-05
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection leading to unauthorized database access
Action: Apply Patch
AI Analysis

Impact

The vulnerability resides in the file /cp/available.php of itsourcecode Online Cellphone System 1.0. An attacker can manipulate the Name argument to inject arbitrary SQL, which allows database records to be read, modified, or deleted. This remote SQL injection is a classic example of the weaknesses identified by CWE-74 and CWE-89.

Affected Systems

The affected product is itsourcecode Online Cellphone System, version 1.0. No other vendors or product versions are listed in the provided data.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity. EPSS information is not available and the vulnerability is not in the CISA KEV catalog, suggesting it is not yet widely exploited. Nonetheless, the attack can be launched remotely and a public exploit exists, presenting a realistic risk if the system remains unpatched.

Generated by OpenCVE AI on April 5, 2026 at 11:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor-provided patch or upgrade to a fixed release of Online Cellphone System.
  • If a patch is not yet available, enforce strict input validation for the Name parameter and use parameterized queries.
  • Restrict direct access to /cp/available.php to trusted IP addresses via firewall rules.
  • Deploy a web application firewall configured to detect and block SQL injection patterns.
  • Continuously monitor application and database logs for suspicious queries or unauthorized activity.


Advisories

No advisories yet.

History

Tue, 07 Apr 2026 00:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Itsourcecode, Itsourcecode online Cellphone System |
| Vendors & Products | | Itsourcecode, Itsourcecode online Cellphone System |

Mon, 06 Apr 2026 20:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Sun, 05 Apr 2026 09:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A vulnerability was identified in itsourcecode Online Cellphone System 1.0. Affected by this vulnerability is an unknown functionality of the file /cp/available.php of the component Parameter Handler. Such manipulation of the argument Name leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used. |
| Title | | itsourcecode Online Cellphone System Parameter available.php sql injection |
| Weaknesses | | CWE-74, CWE-89 |
| References | | |
| Metrics | | cvssV2_0: {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'} |
| | | cvssV3_0: {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'} |
| | | cvssV3_1: {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'} |
| | | cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'} |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-06T17:56:30.530Z

Reserved: 2026-04-04T13:41:17.619Z

Link: CVE-2026-5553

Vulnrichment

Updated: 2026-04-06T17:56:25.543Z

NVD

Status: Deferred

Published: 2026-04-05T09:16:19.050

Modified: 2026-04-24T18:14:34.620

Link: CVE-2026-5553

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-06T21:57:00Z

Weaknesses