PT-2026-30408 · Unknown · Halex Coursesel
Zyyyy
·
Published
2026-04-05
·
Updated
2026-04-05
·
CVE-2026-5537
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
halex CourseSEL versions up to 1.1.0
Description
A security issue exists in halex CourseSEL. The
check sel function within the Apps/Index/Controller/IndexController.class.php file, specifically the HTTP GET Parameter Handler, is susceptible to SQL injection through manipulation of the seid parameter. This attack can be initiated remotely. The exploit has been publicly disclosed.Recommendations
Update to a version beyond 1.1.0.
Exploit
Fix
SQL injection
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Halex Coursesel