Primary

Context

Code-Projects Online Music Site SQL Injection Vulnerability in Albums.php

Vulnerability

A SQL injection vulnerability has been identified in Code-Projects Online Music Site version 1.0. The issue resides in the FrontEnd/Albums.php file, where the 'id' parameter is not properly sanitized, allowing for SQL injection attacks. This vulnerability can be exploited remotely, and an exploit is publicly available.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate database queries to execute arbitrary SQL code. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a POST request to the 'Frontend/Search.php' endpoint with the 'category' parameter set to 'SELECT' and the 'search' parameter containing the crafted SQL injection payload. The request must be made while not logged into the application.

Added: Jan 5, 2026, 11:18 PM

Updated: Jan 5, 2026, 11:18 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

1.9

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

1.9

threat

6.4

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Code-Projects Online Music Site SQL Injection Vulnerability in Albums.php

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating