CVE-2026-5537 | halex CourseSEL up to 1.1.0 HTTP GET Parameter IndexController.class.php check_sel seid sql injection

A vulnerability marked as critical has been reported in halex CourseSEL up to 1.1.0. Affected by this vulnerability is the function check_sel of the file Apps/Index/Controller/IndexController.class.php of the component HTTP GET Parameter Handler. The manipulation of the argument seid leads to sql injection.

This vulnerability is traded as CVE-2026-5537. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-5537 | halex CourseSEL up to 1.1.0 HTTP GET Parameter IndexController.class.php check_sel seid sql injection

Post correlati

CVE-2024-9720 | Trimble SketchUp Viewer SKP File Parser out-of-bounds (ZDI-24-1477)

CVE-2024-56544 | Linux Kernel up to 6.11.10/6.12.1 mm/page_alloc.c PAGE_SIZE allocation of resources

CVE-2023-51436 | Japan System Techniques Universal Passport RX up to 1.0.8 cross site scripting

CVE-2025-6466 | ageerle ruoyi-ai 2.0.0 SseServiceImpl.java speechToTextTranscriptionsV2/upload File unrestricted upload