Description
SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_user.php.
Published: 2026-04-16
Score: 9.4 Critical
EPSS: n/a
KEV: No
Impact: Database Compromise via SQL Injection
Action: Apply Patch
AI Analysis

Impact

SourceCodester Simple Music Cloud Community System version 1.0 contains an SQL injection flaw in the /music/view_user.php script. Unsanitized user input is incorporated directly into database queries, allowing an attacker to inject arbitrary SQL statements that can read, modify, or delete application data. This vulnerability is a classic example of CWE‑89: it gives potential attackers control over the database content and leads to confidentiality and integrity violations. The likely attack vector is HTTP requests to the vulnerable endpoint; this is inferred from the nature of the web application and from the absence of any mention of authentication in the description.

Affected Systems

The affected product is SourceCodester Simple Music Cloud Community System, version 1.0. No other vendors or product versions are listed as impacted.

Risk and Exploitability

With a CVSS score of 9.4 the flaw is classified as critical, reflecting severe potential impact. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting that publicly documented exploits are not yet known. However, an attacker who can reach the web application can construct malicious requests that exploit the injection point, leveraging the privileges of the application’s database account. The risk remains high due to the possibility of extensive data exposure or manipulation if the application is publicly reachable or if credentials are shared among users.

Generated by OpenCVE AI on April 17, 2026 at 06:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • If an updated release that fixes the SQL injection vulnerability is available, upgrade the application to it.
  • If no patch exists, modify the code to use parameterized queries or prepared statements for every database operation that includes user input, and implement strict input validation or sanitization to eliminate injection vectors.
  • Secure the /music/view_user.php endpoint with authentication and enforce proper access controls, and consider deploying a web application firewall to detect and block suspicious SQL payloads.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 06:45:00 +0000

Type | Values Removed | Values Added
Title | | SQL Injection in SourceCodester Simple Music Cloud Community System

Thu, 16 Apr 2026 19:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Sourcecodester; Sourcecodester simple Music Cloud Community System
Vendors & Products | | Sourcecodester; Sourcecodester simple Music Cloud Community System

Thu, 16 Apr 2026 17:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-89
Metrics | | cvssV3_1: {'score': 9.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L'}; ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 16 Apr 2026 15:15:00 +0000

Type | Values Removed | Values Added
Description | | SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_user.php.
References | |

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-16T15:49:41.995Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-37338

Vulnrichment

Updated: 2026-04-16T15:47:13.516Z

NVD

Status: Received

Published: 2026-04-16T15:17:36.680

Modified: 2026-04-16T17:16:54.760

Link: CVE-2026-37338

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T06:30:11Z

Weaknesses