CVE-2026-5650

low-risk

Published 2026-04-06

A vulnerability was found in code-projects Online Application System for Admission 1.0. Impacted is an unknown function of the file /enrollment/database/oas.sql. Performing a manipulation results in insecure storage of sensitive information. The attack is possible to be carried out remotely. The exploit has been made public and could be used.

Do I need to act?

0.04% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

NETWORK / LOW complexity

References (5)

https://code-projects.org/

https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Sensitive%20Information%20...

https://vuldb.com/submit/786307

https://vuldb.com/vuln/355438

https://vuldb.com/vuln/355438/cti

/ 100

low-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal