Iraqi

**Name of the Vulnerable Software and Affected Versions** Live Music Plus version 1.1.0 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in a "Singer" action, specifically targeting the index.php file. **Recommendations** For Live Music Plus version 1.1.0, consider restricting access to the vulnerable `id` parameter in the index.php file until a patch is available. As a temporary workaround, avoid using the `id` parameter in the Singer action to minimize the risk of exploitation.