PT-2026-5224 · Code Projects · Online Music Site
Yu_Ji
·
Published
2026-01-28
·
Updated
2026-02-02
·
CVE-2026-1534
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
code-projects Online Music Site version 1.0
Description
A flaw exists in code-projects Online Music Site 1.0. The issue involves the manipulation of the
ID argument, leading to SQL injection. This can be exploited remotely through a file located at '/Administrator/PHP/AdminEditUser.php'. The exploit is publicly available.Recommendations
Apply any available updates to address the issue in the affected file, '/Administrator/PHP/AdminEditUser.php'.
As a temporary workaround, restrict access to the file '/Administrator/PHP/AdminEditUser.php' to minimize the risk of exploitation.
Avoid using the
ID parameter in the affected file until the issue is resolved.Exploit
Fix
SQL injection
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Online Music Site