Description
A flaw has been found in projectworlds Online Art Gallery Shop 1.0. Impacted is an unknown function of the file /admin/adminHome.php. Executing a manipulation of the argument social_linked can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.
Published: 2026-05-24
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw has been identified in projectworlds Online Art Gallery Shop 1.0, specifically within an unknown function of /admin/adminHome.php. Manipulating the argument social_linked allows an attacker to perform SQL injection, which can be triggered remotely. Published exploits exist that could take advantage of this vulnerability.

Affected Systems

The affected product is projectworlds Online Art Gallery Shop version 1.0. The vulnerability occurs in the admin panel, particularly the file /admin/adminHome.php, and affects the processing of the social_linked parameter.

Risk and Exploitability

The CVSS score is 6.9, indicating moderate severity. EPSS is unavailable, yet the presence of published exploits suggests a realistic chance of exploitation. The vulnerability is not listed in the CISA KEV catalog and can be exploited remotely by manipulating the social_linked argument over the network.

Generated by OpenCVE AI on May 24, 2026 at 09:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the latest patch or update from projectworlds for Online Art Gallery Shop if one is released.
  • Alter the code that handles the social_linked parameter in /admin/adminHome.php to use parameterized queries or proper input escaping, eliminating the injection point.
  • Configure the database user employed by the web application with the least privilege required and monitor database logs for anomalous queries.

Generated by OpenCVE AI on May 24, 2026 at 09:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 24 May 2026 08:15:00 +0000

Type Values Removed Values Added
Description A flaw has been found in projectworlds Online Art Gallery Shop 1.0. Impacted is an unknown function of the file /admin/adminHome.php. Executing a manipulation of the argument social_linked can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.
Title projectworlds Online Art Gallery Shop adminHome.php sql injection
First Time appeared Projectworlds
Projectworlds online Art Gallery Shop
Weaknesses CWE-74
CWE-89
CPEs cpe:2.3:a:projectworlds:online_art_gallery_shop:*:*:*:*:*:*:*:*
Vendors & Products Projectworlds
Projectworlds online Art Gallery Shop
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Projectworlds Online Art Gallery Shop
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-24T07:30:09.880Z

Reserved: 2026-05-23T10:01:26.675Z

Link: CVE-2026-9364

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-24T10:00:11Z

Weaknesses