Description
A security flaw has been discovered in projectworlds Online Art Gallery Shop Project 1.0. The impacted element is an unknown function of the file /admin/adminHome.ph. The manipulation of the argument social_twitter results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
Published: 2026-06-04
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw has been identified in projectworlds Online Art Gallery Shop Project version 1.0, in an unspecified function of the file /admin/adminHome.ph. By manipulating the social_twitter parameter, an attacker can inject arbitrary SQL code. This vulnerability falls under CWE‑74 and CWE‑89 and enables a remote attacker to execute unintended database queries, potentially exposing or altering sensitive data.

Affected Systems

The affected product is Projectworlds Online Art Gallery Shop Project version 1.0. No other versions or sub‑products are listed as impacted.

Risk and Exploitability

The CVSS 4.0 score of 5.3 indicates medium severity (the record also lists 6.3 under CVSS 3.0 and 3.1 and 6.5 under CVSS 2.0), and no EPSS score is available. The vectors list a network attack vector, low attack complexity and low privileges required (PR:L). The vulnerability is not listed in the CISA KEV catalog, but an exploit has been released publicly and can be triggered remotely via the web interface. Successful exploitation would allow attackers to read or modify database contents, compromising the confidentiality and integrity of the stored information.

Generated by OpenCVE AI on June 5, 2026 at 01:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest update from Projectworlds that removes the SQL injection flaw in adminHome.ph.
  • If an official update is not yet available, restrict the /admin/adminHome.ph endpoint so that only authenticated administrators can access it and drop or filter the social_twitter parameter.
  • Revise the application code to employ parameterized queries or proper input sanitization when handling social_twitter, ensuring that injected SQL cannot be executed.

Advisories

No advisories yet.

History

Thu, 04 Jun 2026 23:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A security flaw has been discovered in projectworlds Online Art Gallery Shop Project 1.0. The impacted element is an unknown function of the file /admin/adminHome.ph. The manipulation of the argument social_twitter results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. |
| Title | | projectworlds Online Art Gallery Shop Project adminHome.ph sql injection |
| First Time appeared | | Projectworlds; Projectworlds online Art Gallery Shop Project |
| Weaknesses | | CWE-74; CWE-89 |
| CPEs | | cpe:2.3:a:projectworlds:online_art_gallery_shop_project:*:*:*:*:*:*:*:* |
| Vendors & Products | | Projectworlds; Projectworlds online Art Gallery Shop Project |
| References | | |
| Metrics | | cvssV2_0: {'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'} |
| | | cvssV3_0: {'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'} |
| | | cvssV3_1: {'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'} |
| | | cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'} |

MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-06-04T23:00:17.312Z

Reserved: 2026-06-04T15:34:44.571Z

Link: CVE-2026-10875

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-04T23:16:49.210

Modified: 2026-06-04T23:16:49.210

Link: CVE-2026-10875

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T07:45:35Z

Weaknesses