CVE-2026-2212
7.3 HIGH · Published 2026-02-09 · Modified 2026-02-09 · Undergoing Analysis
Quick Summary
A high-severity SQL injection flaw exists in the admin panel of the Online Music Site 1.0 software. Attackers can remotely manipulate database queries through the vulnerable ID argument, potentially taking control of the site's data.
Who is affected
All deployments running the affected version 1.0 are vulnerable. An attacker could steal, modify, or delete sensitive data in the website's database, including user credentials and administrative information.
Recommended fix
Immediately apply any official patch from the vendor. If none is available, secure the vulnerable file (/Administrator/PHP/AdminEditCategory.php) by implementing strict input validation and using parameterized queries for all database interactions.
Technical Description
A vulnerability was identified in code-projects Online Music Site 1.0. It affects an unknown functionality of the file /Administrator/PHP/AdminEditCategory.php. Manipulating the argument ID leads to SQL injection. The attack can be carried out remotely. The exploit is publicly available and might be used.
CVSS Details
Attack Vector: NETWORK
Complexity: LOW
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-89, CWE-74