PT-2026-5224 · Code Projects · Online Music Site

Yu_Ji

Publicado

2026-01-28

Atualizado

2026-02-02

CVE-2026-1534

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions code-projects Online Music Site version 1.0

Description A flaw exists in code-projects Online Music Site 1.0. The issue involves the manipulation of the ID argument, leading to SQL injection. This can be exploited remotely through a file located at '/Administrator/PHP/AdminEditUser.php'. The exploit is publicly available.

Recommendations Apply any available updates to address the issue in the affected file, '/Administrator/PHP/AdminEditUser.php'. As a temporary workaround, restrict access to the file '/Administrator/PHP/AdminEditUser.php' to minimize the risk of exploitation. Avoid using the ID parameter in the affected file until the issue is resolved.

Exploit

Correção

SQL injection

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89CWE-74

Identificadores relacionados

CVE-2026-1534

Produtos afetados

Online Music Site

PT-2026-5224 · Code Projects · Online Music Site

CVE-2026-1534

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11