CVE-2026-5537 | halex CourseSEL up to 1.1.0 HTTP GET Parameter IndexController.class.php check_sel seid sql injection

A vulnerability marked as critical has been reported in halex CourseSEL up to 1.1.0. Affected by this vulnerability is the function check_sel of the file Apps/Index/Controller/IndexController.class.php of the component HTTP GET Parameter Handler. The manipulation of the argument seid leads to sql injection.

This vulnerability is traded as CVE-2026-5537. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-5537 | halex CourseSEL up to 1.1.0 HTTP GET Parameter IndexController.class.php check_sel seid sql injection

Post correlati

CVE-2026-20681 | Apple macOS up to 26.2 App information disclosure

CVE-2025-9798 | Netcad Netigma prior 6.3.5 V8 cross site scripting

CVE-2024-39207 | lua-shmem 1.0-1 shmem_write buffer overflow

CVE-2025-25901 | TP-LINK TL-WR841ND V11 Packet WanSlaacCfgRpm.htm dnsserver1/dnsserver2 denial of service