CVE-2026-2211
7.3 HIGH · Published 2026-02-09 · Modified 2026-02-09 · Undergoing Analysis
Quick Summary
A vulnerability in the Online Music Site 1.0 software allows attackers to remotely inject malicious SQL commands through the category deletion feature. This is a serious flaw because it can be exploited easily over the network.
Who is affected
All users running the affected version of the software are at risk. A successful attacker could steal, modify, or delete sensitive data from the website's database.
Recommended fix
Since the exploit is public, immediately restrict network access to the admin panel. The only complete fix is to apply an official vendor patch if available, or to manually sanitize all user input in the `AdminDeleteCategory.php` file.
Technical Description
A vulnerability was determined in code-projects Online Music Site 1.0. Affected is an unknown function of the file /Administrator/PHP/AdminDeleteCategory.php. Executing a manipulation of the argument ID can lead to SQL injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
CVSS Details
Attack Vector: NETWORK
Complexity: LOW
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-89, CWE-74