Description

A vulnerability was identified in code-projects Online Music Site 1.0. The affected element is an unknown function of the file /Administrator/PHP/AdminAddUser.php. The manipulation of the argument txtusername leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.

Related CPE's

a

fabian

online_music_site

1.0

Vulnerable

References

https://code-projects.org/

Product

https://github.com/tuo159515/sql-injection/issues/2

ExploitIssue Tracking

https://vuldb.com/?ctiid.340446

Permissions RequiredVDB Entry

https://vuldb.com/?id.340446

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.733644

Third Party AdvisoryVDB Entry

Weaknesses

[email protected]

Primary
CWE-74CWE-89

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

7.3 · High

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2026-01-12T00:15:52.763Z

3 days ago

Last modified

2026-01-14T22:18:02.417Z

5 hours ago