LeakyCreds
NewInstant webhook alerts now available — notified within seconds of any credential detection.Learn more →
Home / Vulnerability Intelligence / CVE-2026-5035

CVE-2026-5035 - Vulnerability Analysis

HighCVSS: 7.3

Last Updated: March 30, 2026

code-projects Accounting System - SQL Injection

Published: March 29, 2026Updated: March 30, 2026PoC AvailableRemote Exploitable

Overview

code-projects Accounting System 1.0 contains a sql injection caused by manipulation of the "en_id" argument in /view_work.php Parameter Handler, letting remote attackers execute arbitrary SQL commands, exploit requires crafted request.

Severity & Score

Severity: High
CVSS Score: 7.3
EPSS Score: 3.0%(Probability of exploitation in next 30 days)

Impact

Remote attackers can execute arbitrary SQL commands, potentially leading to data disclosure or modification.

Mitigation

Update to the latest version.

References

Social Media Activity(1 post)

Offensive Sequence
Offensive Sequence
@offseq
Mar 29, 2026

⚠️ MEDIUM severity SQL Injection (CVE-2026-5035) found in code-projects Accounting System 1.0 (/view_work.php, Parameter Handler). Public exploit available — review your systems and restrict access if possible. https://radar.offseq.com/threat/cve-2026-5035-sql-injection-in-code-projects-accou-b844fbad #OffSeq #SQLInjection #Vuln

View original post

Related Resources

Details

CVE ID
CVE-2026-5035
Severity
High
CVSS Score
7.3
Type
sql_injection
Status
confirmed
EPSS
3.0%
Social Posts
1

CWE

  • CWE-74
  • CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score

3.0%Probability of exploitation in the next 30 days