Description
A vulnerability was identified in code-projects Online Music Site 1.0. The affected element is an unknown function of the file /Administrator/PHP/AdminAddUser.php. The manipulation of the argument txtusername leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
Published: 2026-01-11
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection that can be exploited remotely to compromise the application database.
Action: Immediate Patch
AI Analysis

Impact

A vulnerability in the AdminAddUser.php file of code‑projects Online Music Site 1.0 allows an attacker to inject arbitrary SQL through the txtusername parameter. The injection can be triggered remotely and may expose, modify, or delete data in the database, potentially leading to unauthorized data access.

Affected Systems

The vulnerability affects code‑projects Online Music Site version 1.0.

Risk and Exploitability

The CVSS score of 6.9 indicates medium severity, and the EPSS score of less than 1% shows a very low probability of widespread exploitation at the time of analysis. The flaw is accessible over the web, and publicly available exploits exist, meaning that an attacker can remotely send a crafted request to /Administrator/PHP/AdminAddUser.php to execute the injection. Although it is not listed in the CISA KEV catalog, the combination of remote reachability and public exploit code raises the overall risk for affected installations.

Generated by OpenCVE AI on April 18, 2026 at 16:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor‑supplied patch or upgrade to a non‑vulnerable version of the code‑projects Online Music Site if one is released.
  • Sanitize and validate the txtusername input on the server side, using parameterized queries or prepared statements to eliminate SQL injection vectors.
  • Restrict access to the /Administrator/PHP/AdminAddUser.php page to privileged users only, enforce least privilege, and monitor web traffic for anomalous input patterns.

Generated by OpenCVE AI on April 18, 2026 at 16:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 14 Jan 2026 22:30:00 +0000

Type Values Removed Values Added
First Time appeared Fabian
Fabian online Music Site
CPEs cpe:2.3:a:fabian:online_music_site:1.0:*:*:*:*:*:*:*
Vendors & Products Fabian
Fabian online Music Site

Mon, 12 Jan 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 12 Jan 2026 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Code-projects
Code-projects online Music Site
Vendors & Products Code-projects
Code-projects online Music Site

Sun, 11 Jan 2026 23:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was identified in code-projects Online Music Site 1.0. The affected element is an unknown function of the file /Administrator/PHP/AdminAddUser.php. The manipulation of the argument txtusername leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
Title code-projects Online Music Site AdminAddUser.php sql injection
Weaknesses CWE-74
CWE-89
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Code-projects Online Music Site
Fabian Online Music Site
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T08:31:27.530Z

Reserved: 2026-01-11T09:10:57.660Z

Link: CVE-2026-0851

cve-icon Vulnrichment

Updated: 2026-01-12T16:36:14.686Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-12T00:15:52.763

Modified: 2026-01-14T22:18:02.417

Link: CVE-2026-0851

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T16:30:05Z

Weaknesses