LeakyCreds

CVE-2026-5033 - Vulnerability Analysis

High, CVSS: 7.3

Last Updated: March 30, 2026

code-projects Accounting System - SQL Injection

Published: March 29, 2026 | Updated: March 30, 2026 | PoC Available | Remote Exploitable

Overview

code-projects Accounting System 1.0 contains a SQL injection vulnerability caused by manipulation of the "cos_id" argument in the parameter handler of /view_costumer.php. It lets remote attackers execute arbitrary SQL commands. Exploitation requires a crafted request.

Severity & Score

Severity: High
CVSS Score: 7.3
EPSS Score: 3.0% (Probability of exploitation in next 30 days)

Impact

Remote attackers can execute arbitrary SQL commands, potentially leading to data disclosure or modification.

Mitigation

Update to the latest version.

Social Media Activity (1 post)

Offensive Sequence
@offseq
Mar 29, 2026

🚨 CVE-2026-5033 (MEDIUM): SQL injection in code-projects Accounting System 1.0 (/view_costumer.php, cos_id) is being actively exploited. Remote risk — monitor and patch as soon as fixes arrive. More: https://radar.offseq.com/threat/cve-2026-5033-sql-injection-in-code-projects-accou-9e1a8bbd #OffSeq #SQLInjection #VulnResearch


Details

CVE ID: CVE-2026-5033
Severity: High
CVSS Score: 7.3
Type: sql_injection
Status: confirmed
EPSS: 3.0%
Social Posts: 1

CWE

  • CWE-74
  • CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score

3.0% (Probability of exploitation in the next 30 days)