CVE Catalog

CVE-2026-11489

HighCVSS 7.3
Published: Updated: Translated: NVD NIST

Summary

A vulnerability was found in Online Music Site version 1.0, affecting the file /Administrator/PHP/AdminDeleteAlbum.php. Manipulation of the ID argument leads to SQL injection, which can be performed remotely.

Risk Assessment

An attacker could exploit this vulnerability to gain unauthorized access to the database, potentially leading to data disclosure or modification.

Recommendation

It is recommended to update to the latest version of the software and implement input validation to prevent SQL injection.

Original NVD description (English source)

A vulnerability was found in code-projects Online Music Site 1.0. This vulnerability affects unknown code of the file /Administrator/PHP/AdminDeleteAlbum.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS