CVE-2026-5666

CVE Database · CVE-2026-5666

CVE-2026-5666

· MEDIUMDeferred

CVSS v3.1

5.3

CVSS v4.0

5.5

EPSS

0.30%

Published

Apr 6, 2026

Modified

Apr 27, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability was detected in code-projects Online FIR System 1.0. Affected by this issue is some unknown functionality of the file /complaints.sql of the component SQL Database Backup File Handler. The manipulation results in insecure storage of sensitive information. The attack may be performed from remote. The exploit is now public and may be used.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Weaknesses (CWE)

CWE-200CWE-922

References (5)

https://code-projects.org/

https://github.com/ahmadmarz10-hub/CVEsMarz/blob/main/Sensitive%20Information%20Disclosure%20in%20Online%20FIR%20System%20PHP%20Exposed%20Database%20Backup.md

https://vuldb.com/submit/786322

https://vuldb.com/vuln/355489

https://vuldb.com/vuln/355489/cti

KEV Catalog EPSS Scores Vendors All CVEs