Freewind

**Name of the Vulnerable Software and Affected Versions** code-projects Online Music Site version 1.0 **Description** A flaw exists in code-projects Online Music Site 1.0 that allows for SQL injection. The issue is located in an unknown function within the `/Administrator/PHP/AdminAddUser.php` file. Manipulation of the `txtusername` argument can lead to remote exploitation. The exploit is publicly available. **Recommendations** Address the SQL injection flaw in the `/Administrator/PHP/AdminAddUser.php` file by sanitizing the `txtusername` argument. As a temporary workaround, restrict access to the `/Administrator/PHP/AdminAddUser.php` file to minimize the risk of exploitation.