Code Projects · Online Music Site · CVE-2026-11489
**Name of the Vulnerable Software and Affected Versions**
code-projects Online Music Site version 1.0
**Description**
A SQL injection issue exists in the `/Administrator/PHP/AdminDeleteAlbum.php` file. Remote attackers can exploit this by manipulating the `ID` argument, which allows for the execution of unauthorized SQL commands.
**Recommendations**
As a temporary workaround, restrict access to the `/Administrator/PHP/AdminDeleteAlbum.php` file or avoid using the `ID` parameter until a fix is applied.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.