CVE-2026-2132
7.3 HIGH · Published 2026-02-08 · Modified 2026-02-09 · Undergoing Analysis
Quick Summary
A critical SQL injection vulnerability exists in the Online Music Site 1.0 software, specifically in its admin panel. Attackers can remotely inject malicious SQL through the 'txtcat' parameter, potentially compromising the entire database.
Who is affected
All users running the affected version 1.0 are impacted. A successful attacker could steal, modify, or delete sensitive data from the website's database, including user credentials and administrative information.
Recommended fix
Immediately apply any official patch from the vendor. If unavailable, the vulnerable file '/Administrator/PHP/AdminUpdateCategory.php' should be secured with proper input validation and parameterized queries, or access to the software should be restricted.
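The input validation and parameterized query recommended above, as an added example that is not the vendor's code or patch. The `category` table, its columns, the id parameter and the in-memory SQLite database are assumptions made so the sketch runs offline; only the `txtcat` name comes from the advisory.

```php
<?php
declare(strict_types=1);

// Assumed schema: the advisory does not give the real table or column names.
function openDemoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE category (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
    $pdo->exec("INSERT INTO category (id, name) VALUES (1, 'Rock'), (2, 'Jazz')");
    return $pdo;
}

// Vulnerable pattern (CWE-89), shown for contrast only and never executed here:
//   $pdo->exec("UPDATE category SET name = '$txtcat' WHERE id = $id");

function updateCategory(PDO $pdo, string $txtcat, string $rawId): bool
{
    // Input validation: positive integer id, non-empty bounded name, no control bytes.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $name = trim($txtcat);
    if ($id === false || $name === '' || strlen($name) > 64
        || preg_match('/[\x00-\x1F\x7F]/', $name)) {
        return false;
    }
    // Parameterized query: values are bound, never spliced into the SQL text.
    $stmt = $pdo->prepare('UPDATE category SET name = :name WHERE id = :id');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1; // false when no row has that id
}

$pdo = openDemoDb();
// Constructed inputs: an ordinary name, a name full of SQL metacharacters,
// and an id that is not a plain integer.
var_dump(updateCategory($pdo, 'Classic Rock', '1'));
var_dump(updateCategory($pdo, "Drum 'n' Bass; -- remix", '2'));
var_dump(updateCategory($pdo, 'Pop', '2 OR 1=1'));
foreach ($pdo->query('SELECT id, name FROM category ORDER BY id') as $row) {
    echo $row['id'], ': ', $row['name'], PHP_EOL;
}
```

The second call stores the quotes, semicolon and comment marker as literal text in row 2 only, and the third is rejected before any SQL runs. With PDO's MySQL driver, `rowCount()` reports changed rows by default, so an update that leaves the name unchanged returns 0.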
Technical Description
A security flaw has been discovered in code-projects Online Music Site 1.0. The issue affects unspecified processing in the file /Administrator/PHP/AdminUpdateCategory.php. Manipulation of the argument txtcat results in SQL injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
CVSS Details
Attack Vector: NETWORK
Complexity: LOW
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-89, CWE-74