Description
A vulnerability was detected in code-projects Online Music Site 1.0. This vulnerability affects unknown code of the file /Administrator/PHP/AdminEditAlbum.php. The manipulation of the argument ID results in SQL injection. The attack may be performed remotely. The exploit is now public and may be used.
Published: 2026-05-31
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the AdminEditAlbum.php script of code-projects Online Music Site. An attacker can manipulate the ID parameter supplied to the script, causing unsanitized input to be incorporated into an SQL statement. This flaw allows arbitrary SQL commands to be executed against the site’s database, leading to possible disclosure, modification or deletion of sensitive data. The impact therefore includes breach of confidentiality, loss of data integrity, and potential availability degradation if critical data is compromised.

Affected Systems

The affected product is code-projects Online Music Site, specifically version 1.0. The vulnerability exists in the file located at /Administrator/PHP/AdminEditAlbum.php and impacts any installation that has not applied the applicable fix.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity. Because the EPSS score is not available, the likelihood of exploitation cannot be quantified, but the vulnerability is publicly known and exploitable from remote hosts. The vulnerability is not listed in the CISA KEV catalog, but the existence of a public exploit suggests that attackers may target vulnerable installations if not mitigated.

Generated by OpenCVE AI on May 31, 2026 at 11:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update or patch the code to replace dynamic SQL with parameterized queries or prepared statements in AdminEditAlbum.php.
  • Restrict access to the Administrator area by enforcing strong authentication and, if possible, limiting exposure to trusted IP ranges.
  • Implement runtime input validation that rejects non‑numeric or overly long ID values, and monitor database logs for anomalous query activity.


Advisories

No advisories yet.

History

Sun, 31 May 2026 10:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A vulnerability was detected in code-projects Online Music Site 1.0. This vulnerability affects unknown code of the file /Administrator/PHP/AdminEditAlbum.php. The manipulation of the argument ID results in SQL injection. The attack may be performed remotely. The exploit is now public and may be used. |
| Title | | code-projects Online Music Site AdminEditAlbum.php SQL injection |
| First Time appeared | | Code-projects; Code-projects online Music Site |
| Weaknesses | | CWE-74; CWE-89 |
| CPEs | | cpe:2.3:a:code-projects:online_music_site:\*:\*:\*:\*:\*:\*:\*:\* |
| Vendors & Products | | Code-projects; Code-projects online Music Site |
| References | | |
| Metrics | | cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}; cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}; cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}; cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'} |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-31T10:30:09.803Z

Reserved: 2026-05-30T16:23:00.942Z

Link: CVE-2026-10178

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-31T11:16:47.583

Modified: 2026-05-31T11:16:47.583

Link: CVE-2026-10178

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-31T12:30:02Z

Weaknesses