Description
SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_playlist.php.
Published: 2026-04-16
Score: 7.3 High
EPSS: n/a
KEV: No
Impact: SQL Injection that can expose or alter user data
Action: Apply Patch
AI Analysis

Impact

The vulnerability is an unfiltered user input that allows attackers to inject malicious SQL code into the query processing flow of the Simple Music Cloud Community System. This weakness permits unauthorized reading, modification, or deletion of data in the backend database, compromising the confidentiality, integrity, and availability of the application’s information. The issue is a classic SQL Injection flaw and is located in the /music/view_playlist.php endpoint.

Affected Systems

SourceCodester Simple Music Cloud Community System version 1.0.

Risk and Exploitability

A CVSS score of 7.3 reflects a high risk, although no EPSS score is available and the vulnerability is not listed in the CISA KEV catalog, suggesting no publicly disclosed exploitation yet. The likely attack vector is a crafted HTTP request to the view_playlist.php page that supplies malicious SQL statements, which the application executes without proper sanitization.

Generated by OpenCVE AI on April 17, 2026 at 05:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Deploy a patched version of the Simple Music Cloud Community System that replaces raw SQL construction with parameterized queries.
  • If a patch is not yet available, modify /music/view_playlist.php to use prepared statements or an ORM that safely escapes all user-supplied inputs before executing SQL.
  • Apply strict input validation to any remaining parameters accepted by the application, ensuring only expected data types and formats are allowed.
  • Perform a thorough audit of all other entry points in the application for potential injection flaws, and remediate any findings with defensive coding techniques or appropriate input sanitization.

Generated by OpenCVE AI on April 17, 2026 at 05:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 06:15:00 +0000

Type Values Removed Values Added
Title SQL Injection via Unsanitized Parameter in view_playlist.php of Simple Music Cloud Community System v1.0

Thu, 16 Apr 2026 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester
Sourcecodester simple Music Cloud Community System
Vendors & Products Sourcecodester
Sourcecodester simple Music Cloud Community System

Thu, 16 Apr 2026 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-89
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 16 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Description SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_playlist.php.
References

Subscriptions

Sourcecodester Simple Music Cloud Community System
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-16T17:26:11.625Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-37337

cve-icon Vulnrichment

Updated: 2026-04-16T17:26:05.405Z

cve-icon NVD

Status : Received

Published: 2026-04-16T15:17:36.573

Modified: 2026-04-16T18:16:45.740

Link: CVE-2026-37337

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T06:00:09Z

Weaknesses