M202372062

**Name of the Vulnerable Software and Affected Versions** code-projects Online Music Site version 1.0 **Description** A security flaw exists in code-projects Online Music Site version 1.0, specifically in the processing of the file `/Administrator/PHP/AdminUpdateCategory.php`. Manipulation of the `txtcat` argument can lead to SQL injection. This issue can be exploited remotely. The exploit is publicly available and may be used for attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Music Site version 1.0 **Description** A flaw exists in code-projects Online Music Site that allows for unrestricted file uploads. This is due to manipulation of the `txtimage` argument within an unknown function of the file '/Administrator/PHP/AdminUpdateCategory.php'. The attack can be carried out remotely. The exploit for this issue has been publicly released and may be used in attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** code-projects Online Music Site version 1.0 **Description** A flaw exists in code-projects Online Music Site version 1.0, specifically within the file `/Administrator/PHP/AdminDeleteUser.php`. Manipulation of the `ID` argument can lead to SQL injection. This issue is remotely exploitable and an exploit has been published. The affected functionality is currently unknown. **Recommendations** Apply any available updates or patches for code-projects Online Music Site version 1.0. As a temporary workaround, restrict access to the file `/Administrator/PHP/AdminDeleteUser.php`. Sanitize the `ID` parameter before using it in any database queries.