Description
SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_music.php.
Published: 2026-04-16
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: Potential data disclosure and manipulation through SQL Injection
Action: Patch or Mitigate
AI Analysis

Impact

The vulnerability permits an attacker to inject arbitrary SQL statements via the /music/view_music.php endpoint in the SourceCodester Simple Music Cloud Community System. This flaw could allow unauthorized reading, modification, or deletion of data in the underlying database, compromising data confidentiality and integrity. The weakness is classified as SQL Injection: insufficient input sanitization lets attacker-supplied input alter the SQL queries the application runs.

Affected Systems

Application: SourceCodester Simple Music Cloud Community System, Version 1.0. No other affected vendors or products are listed. The flaw resides only within the mentioned file of this version.

Risk and Exploitability

Because the vulnerability is exploitable through the web interface, the attack vector is inferred to be remote over HTTP/HTTPS. No EPSS score is available and the issue is not in CISA’s KEV catalog, implying limited known exploitation. The CVSS score of 7.3 denotes high severity, and SQL Injection is a class of flaw that attackers can exploit to modify or retrieve database content.

Generated by OpenCVE AI on April 17, 2026 at 05:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Replace direct string concatenation in /music/view_music.php with prepared statements that use parameterized queries to prevent injection.
  • Implement strict input validation on all parameters that reach the database, ensuring only expected data types and formats are accepted.
  • If a patch is not immediately available, deploy a web application firewall rule to block typical SQL injection patterns and conduct a comprehensive audit of the application for additional injection points.


Advisories

No advisories yet.

History

Fri, 17 Apr 2026 06:15:00 +0000

Type | Values Removed | Values Added
Title | (none) | SQL Injection in /music/view_music.php of Simple Music Cloud Community System

Thu, 16 Apr 2026 19:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | (none) | Sourcecodester; Sourcecodester simple Music Cloud Community System
Vendors & Products | (none) | Sourcecodester; Sourcecodester simple Music Cloud Community System

Thu, 16 Apr 2026 18:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | (none) | CWE-89
Metrics | (none) | cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}
Metrics | (none) | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 16 Apr 2026 15:15:00 +0000

Type | Values Removed | Values Added
Description | (none) | SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_music.php.
References | (none) |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-16T17:28:46.565Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-37336

Vulnrichment

Updated: 2026-04-16T17:28:42.599Z

NVD

Status: Deferred

Published: 2026-04-16T15:17:36.460

Modified: 2026-04-17T15:15:09.790

Link: CVE-2026-37336

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T06:00:09Z

Weaknesses