PT-2026-4815 · Code Projects · Code-Projects Online Music Site

M202372062

·

Publicado

2026-01-26

·

Atualizado

2026-01-26

·

CVE-2026-1443

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions code-projects Online Music Site version 1.0
Description A flaw exists in code-projects Online Music Site version 1.0, specifically within the file /Administrator/PHP/AdminDeleteUser.php. Manipulation of the ID argument can lead to SQL injection. This issue is remotely exploitable and an exploit has been published. The affected functionality is currently unknown.
Recommendations Apply any available updates or patches for code-projects Online Music Site version 1.0. As a temporary workaround, restrict access to the file /Administrator/PHP/AdminDeleteUser.php. Sanitize the ID parameter before using it in any database queries.

Exploit

Correção

SQL injection

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89CWE-74

Identificadores relacionados

CVE-2026-1443

Produtos afetados

Code-Projects Online Music Site