PT-2026-2042 · Code Projects · Online Music Site

Yeliuyun

Publicado

2026-01-12

Atualizado

2026-01-17

CVE-2026-0852

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions code-projects Online Music Site version 1.0

Description A security flaw exists in code-projects Online Music Site 1.0. The issue involves a SQL injection impacting an unknown function within the file /Administrator/PHP/AdminUpdateUser.php. Manipulation of the ID argument allows for remote execution of the attack. The exploit has been publicly released and may be used for attacks.

Recommendations Restrict or disable access to the file /Administrator/PHP/AdminUpdateUser.php as a temporary measure. Avoid using the ID parameter in the /Administrator/PHP/AdminUpdateUser.php file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89CWE-74

Identificadores relacionados

CVE-2026-0852

Produtos afetados

Online Music Site

PT-2026-2042 · Code Projects · Online Music Site

CVE-2026-0852

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12