PT-2026-35683 · Code Projects · Online Music Site

The_Better_You

Published

2026-04-28

Updated

2026-04-28

CVE-2026-7238

CVSS v2.0

5.8

Medium

Vector

AV:N/AC:L/Au:M/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions code-projects Online Music Site version 1.0

Description An unrestricted file upload flaw exists in the '/Administrator/PHP/AdminUpdateAlbum.php' endpoint. Manipulation of the txtimage argument allows remote attackers to upload files without restrictions.

Recommendations Restrict access to the '/Administrator/PHP/AdminUpdateAlbum.php' endpoint or disable the txtimage parameter to prevent unauthorized file uploads.

Exploit

Fix

Unrestricted File Upload

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434CWE-284

Related Identifiers

CVE-2026-7238

Affected Products

Online Music Site

PT-2026-35683 · Code Projects · Online Music Site

CVE-2026-7238

Weakness Enumeration

Related Identifiers

Affected Products

References · 8