CVE-2026-5650 - Vulnerability Details

- code-projects Online Application System for Admission oas.sql sensitive information

Description

A vulnerability was found in code-projects Online Application System for Admission 1.0. Impacted is an unknown function of the file /enrollment/database/oas.sql. Performing a manipulation results in insecure storage of sensitive information. The attack is possible to be carried out remotely. The exploit has been made public and could be used.

Published: 2026-04-06

Score: 6.9 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A flaw exists in the Online Application System for Admission that causes the file /enrollment/database/oas.sql to store sensitive information insecurely. By manipulating an unknown function within this file, an attacker can gain unauthorized access to confidential data. The vulnerability allows remote exploitation, and the method to trigger it has been publicly disclosed, enabling attackers to craft an exploit script or manual request.

Affected Systems

The issue affects version 1.0 of the code-projects Online Application System for Admission. The affected component is the oas.sql file located in the /enrollment/database directory. No other product or version information is currently available.

Risk and Exploitability

The CVSS score of 6.9 classifies the vulnerability as moderate severity, and a public exploit is already circulating. Because exploitation can be performed remotely, attackers do not require local privileges to compromise the data. The EPSS value is not provided, and the vulnerability is not included in the CISA KEV catalog, but the presence of a public exploit suggests a tangible risk. Users with remote access to the application should consider this a critical issue until remediation is applied.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

code-projects

Online Application System for Admission

affected

Version	Status	Constraints
`1.0`	affected	—

No data.

Vendor Product Confidence Versions

Code-projects

Online Application System For Admission

100%

Version	Status	Scheme	Platform
`1.0`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

If an official patch or updated version is available from the vendor, install it immediately.
If no patch is available, remove or deny write access to the /enrollment/database/oas.sql file for untrusted users and implement stricter file permissions.
Encrypt sensitive data stored in the database and enforce strong key management before moving the application to production.
Monitor logs for unauthorized access attempts to the oas.sql file and block suspicious IP addresses.

Generated by OpenCVE AI on April 6, 2026 at 14:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00044.

Exploitation poc

Automatable yes

Technical Impact partial

References

Link	Providers
https://code-projects.org/
https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Sensitive%20Information%20Disclosure%20in%20Online%20Application%20System%20for%20Admission%20PHP%20Exposed%20Database%20Backup.md
https://vuldb.com/submit/786307
https://vuldb.com/vuln/355438
https://vuldb.com/vuln/355438/cti

History

Tue, 07 Apr 2026 00:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Code-projects Code-projects online Application System For Admission
Vendors & Products		Code-projects Code-projects online Application System For Admission

Mon, 06 Apr 2026 15:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 06 Apr 2026 11:45:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was found in code-projects Online Application System for Admission 1.0. Impacted is an unknown function of the file /enrollment/database/oas.sql. Performing a manipulation results in insecure storage of sensitive information. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
Title		code-projects Online Application System for Admission oas.sql sensitive information
Weaknesses		CWE-200 CWE-922
References		https://code-projects.org/ https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Sensitive%20Information%20Disclosure%20in%20Online%20Application%20System%20for%20Admission%20PHP%20Exposed%20Database%20Backup.md https://vuldb.com/submit/786307 https://vuldb.com/vuln/355438 https://vuldb.com/vuln/355438/cti
Metrics		cvssV2_0 `{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}` cvssV3_0 `{'score': 5.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}` cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}` cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Code-projects Online Application System For Admission

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-04-06T11:30:13.217Z

Updated: 2026-04-06T14:52:31.064Z

Reserved: 2026-04-05T20:46:10.500Z

Link: CVE-2026-5650

Vulnrichment

Updated: 2026-04-06T14:52:27.594Z

NVD

Status : Deferred

Published: 2026-04-06T12:16:19.810

Modified: 2026-04-27T19:04:22.650

Link: CVE-2026-5650

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-06T21:32:50Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Exploitation poc

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object