Vulnerabilities ›

CVE-2026-5650

Medium

CWE-200 — Weakness Type

                    Published: Apr 6, 2026                      ·  Modified: Apr 9, 2026                      ·  Source: NVD                

CVSS v3

5.3

🔗 NVD Official

📄 Description (English)

A vulnerability was found in code-projects Online Application System for Admission 1.0. Impacted is an unknown function of the file /enrollment/database/oas.sql. Performing a manipulation results in insecure storage of sensitive information. The attack is possible to be carried out remotely. The exploit has been made public and could be used.

🤖 AI Executive Summary

CVE-2026-5650 is a medium-severity vulnerability in Online Application System for Admission 1.0 that allows remote attackers to access insecurely stored sensitive information through manipulation of the /enrollment/database/oas.sql file. The vulnerability has been publicly disclosed and poses a risk to educational institutions managing student admission data.

📄 Description (Arabic)

يؤثر هذا الضعف على نظام التطبيق الإلكتروني للقبول النسخة 1.0 ويسمح بالوصول غير المصرح إلى البيانات الحساسة المخزنة بشكل غير آمن. يمكن استغلال الثغرة عن بعد من خلال التلاعب بملف قاعدة البيانات oas.sql. تم الإفصاح العلني عن الثغرة مما يزيد من خطر الاستغلال.

🤖 ملخص تنفيذي (AI)

🤖 AI Intelligence Analysis Analyzed: May 30, 2026 03:01

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

government healthcare education

🎯 MITRE ATT&CK Techniques

T1005 T1040 T1213

⚖️ Saudi Risk Score (AI)

5.0

/ 10.0

🔧 Remediation Steps (English)

Update to a patched version of the Online Application System for Admission if available; implement database access controls and encryption for sensitive data at rest; restrict file permissions on oas.sql; conduct a security audit of stored credentials and personal information; implement input validation and parameterized queries to prevent database manipulation.

🔧 خطوات المعالجة (العربية)

قم بالترقية إلى نسخة محدثة من نظام التطبيق الإلكتروني للقبول إن توفرت؛ طبق ضوابط الوصول للقاعدة البيانات والتشفير للبيانات الحساسة؛ قيد صلاحيات الملفات على oas.sql؛ أجر تدقيق أمني للبيانات المخزنة والمعلومات الشخصية؛ طبق التحقق من صحة المدخلات والاستعلامات المعاملة.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.7.1.1 A.8.2.1 A.8.2.3

🔵 SAMA CSF

ID.AM-1 PR.DS-1 PR.DS-2

🟡 ISO 27001:2022

A.13.1.1 A.13.2.1 A.13.2.3

🔗 References & Sources 5

🔗

https://code-projects.org/

cna@vuldb.com

🔗

https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Sensitive%20Information%20Disclos...

cna@vuldb.com

🔗

https://vuldb.com/submit/786307

cna@vuldb.com

🔗

https://vuldb.com/vuln/355438

cna@vuldb.com

🔗

https://vuldb.com/vuln/355438/cti

cna@vuldb.com

📊 CVSS Score

5.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityN — None / Network

AvailabilityN — None / Network

📋 Quick Facts

Severity Medium

CVSS Score5.3

CWECWE-200

EPSS0.04%

Exploit No

Patch ✗ No

Published 2026-04-06

Source Feed nvd

🇸🇦 Saudi Risk Score

5.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-200

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-5650

Introduce Yourself

Sign In Required