CVE-2026-1535
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
3Tags
Description
A security vulnerability has been detected in code-projects Online Music Site 1.0. This impacts an unknown function of the file /Administrator/PHP/AdminReply.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
Analysis
SQL injection in Online Music Site 1.0's AdminReply.php allows unauthenticated remote attackers to manipulate the ID parameter and execute arbitrary SQL queries, potentially compromising database confidentiality and integrity. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected installations at immediate risk.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Isolate or take offline the affected /Administrator/PHP/AdminReply.php file; implement WAF rules to block malicious requests targeting this endpoint; audit logs for any suspicious access attempts. Within 7 days: Deploy network segmentation to restrict administrative access; conduct a full security assessment of the application; establish communication with the vendor regarding patch timeline. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today