Description
A vulnerability was found in code-projects Online Music Site 1.0. This impacts an unknown function of the file /Frontend/Feedback.php. Performing a manipulation of the argument fname results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used.
Published: 2026-01-02
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote SQL Injection
Action: Apply Fix
AI Analysis

Impact

A flaw exists in the Online Music Site that allows an attacker to manipulate the fname argument within Feedback.php, resulting in untrusted input being directly included in a SQL query. The vulnerability is a classic injection that can lead to exposure or modification of the underlying database, compromising the confidentiality and integrity of user data. The weakness is identified as CWE-74 and CWE-89, indicating insufficient filtering of user input before it reaches database statements.

Affected Systems

The affected product is code-projects Online Music Site version 1.0, as indexed under the CNA product data and the CPE cpe:2.3:a:fabian:online_music_site:1.0. No additional versions are listed.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate severity for this vulnerability, while the EPSS score of less than 1% suggests a very low probability of exploitation in the wild at present. However, the attack can be initiated remotely and an exploit is publicly available, making it a legitimate threat. Because the vulnerability exists in a publicly accessible web application and no official patch has been published, the risk remains heightened until a vendor fix or workaround is applied.

Generated by OpenCVE AI on April 18, 2026 at 08:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Replace or patch the affected application to a version that validates or sanitizes the fname parameter before it is used in a SQL statement.
  • If a patch is unavailable, implement a mitigation by adding input validation to ensure fname contains only expected characters or length limits, thereby preventing injection.
  • Restrict database user privileges to only the required operations for the application, limiting the potential damage if an injection occurs.

Generated by OpenCVE AI on April 18, 2026 at 08:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 23 Feb 2026 08:30:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in code-projects Online Music Site 1.0. This impacts an unknown function of the file /Frontend/Feedback.php. Performing manipulation of the argument fname results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used. A vulnerability was found in code-projects Online Music Site 1.0. This impacts an unknown function of the file /Frontend/Feedback.php. Performing a manipulation of the argument fname results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used.

Fri, 09 Jan 2026 22:15:00 +0000

Type Values Removed Values Added
First Time appeared Fabian
Fabian online Music Site
CPEs cpe:2.3:a:fabian:online_music_site:1.0:*:*:*:*:*:*:*
Vendors & Products Fabian
Fabian online Music Site

Tue, 06 Jan 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 05 Jan 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Code-projects
Code-projects online Music Site
Vendors & Products Code-projects
Code-projects online Music Site

Fri, 02 Jan 2026 19:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in code-projects Online Music Site 1.0. This impacts an unknown function of the file /Frontend/Feedback.php. Performing manipulation of the argument fname results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used.
Title code-projects Online Music Site Feedback.php sql injection
Weaknesses CWE-74
CWE-89
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Code-projects Online Music Site
Fabian Online Music Site
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T08:10:32.989Z

Reserved: 2026-01-02T07:56:21.390Z

Link: CVE-2026-0570

cve-icon Vulnrichment

Updated: 2026-01-06T20:28:26.160Z

cve-icon NVD

Status : Modified

Published: 2026-01-02T19:15:47.450

Modified: 2026-02-23T09:16:31.757

Link: CVE-2026-0570

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T08:45:41Z

Weaknesses