{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0569", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-01-02T07:56:18.343Z", "datePublished": "2026-01-02T18:32:06.995Z", "dateUpdated": "2026-02-23T08:10:21.010Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T08:10:21.010Z"}, "title": "code-projects Online Music Site AlbumByCategory.php sql injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "SQL Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}], "affected": [{"vendor": "code-projects", "product": "Online Music Site", "versions": [{"version": "1.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in code-projects Online Music Site 1.0. This affects an unknown function of the file /Frontend/AlbumByCategory.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-01-02T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-01-02T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-01-09T23:23:50.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "L0ser (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.339381", "name": "VDB-339381 | code-projects Online Music Site AlbumByCategory.php sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.339381", "name": "VDB-339381 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.729252", "name": "Submit #729252 | Code-projects ONLINE MUSIC SITE v1.0 SQL Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Limingqian123/CVE/issues/16", "tags": ["exploit", "issue-tracking"]}, {"url": "https://code-projects.org/", "tags": ["product"]}], "tags": ["x_freeware"]}, "adp": [{"references": [{"url": "https://github.com/Limingqian123/CVE/issues/16", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-05T20:45:09.796767Z", "id": "CVE-2026-0569", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-05T21:49:47.457Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0569", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-05T20:45:09.796767Z"}}}], "references": [{"url": "https://github.com/Limingqian123/CVE/issues/16", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-05T20:45:13.124Z"}}], "cna": {"tags": ["x_freeware"], "title": "code-projects Online Music Site AlbumByCategory.php sql injection", "credits": [{"lang": "en", "type": "reporter", "value": "L0ser (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "code-projects", "product": "Online Music Site", "versions": [{"status": "affected", "version": "1.0"}]}], "timeline": [{"lang": "en", "time": "2026-01-02T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-01-02T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-01-09T23:23:50.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.339381", "name": "VDB-339381 | code-projects Online Music Site AlbumByCategory.php sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.339381", "name": "VDB-339381 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.729252", "name": "Submit #729252 | Code-projects ONLINE MUSIC SITE v1.0 SQL Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Limingqian123/CVE/issues/16", "tags": ["exploit", "issue-tracking"]}, {"url": "https://code-projects.org/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in code-projects Online Music Site 1.0. This affects an unknown function of the file /Frontend/AlbumByCategory.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "SQL Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T08:10:21.010Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0569", "state": "PUBLISHED", "dateUpdated": "2026-02-23T08:10:21.010Z", "dateReserved": "2026-01-02T07:56:18.343Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-01-02T18:32:06.995Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fabian:online_music_site:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "EEE01F25-5D13-4657-A849-2AA9890C8510", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in code-projects Online Music Site 1.0. This affects an unknown function of the file /Frontend/AlbumByCategory.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."}, {"lang": "es", "value": "Una vulnerabilidad ha sido encontrada en code-projects Online Music Site 1.0. Esto afecta una funci\u00f3n desconocida del archivo /Frontend/AlbumByCategory.php. Tal manipulaci\u00f3n del argumento ID lleva a inyecci\u00f3n SQL. Es posible lanzar el ataque remotamente. El exploit ha sido divulgado al p\u00fablico y puede ser usado."}], "id": "CVE-2026-0569", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-01-02T19:15:47.260", "references": [{"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://code-projects.org/"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/Limingqian123/CVE/issues/16"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.339381"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.339381"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.729252"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/Limingqian123/CVE/issues/16"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}], "source": "cna@vuldb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T08:33:24.404343+00:00", "value": {"mitigation_remediation": ["Upgrade to a patched version of Code-Projects Online Music Site where the AlbumByCategory.php input validation has been fixed.", "Implement server\u2011side input validation and use parameterized queries or prepared statements when handling the ID parameter to eliminate unsanitized SQL entry.", "Deploy a web application firewall or intrusion detection rule tailored to block typical SQL injection payloads against the AlbumByCategory.php endpoint."], "summary": {"action": "Immediate Patch", "impact": "Remote SQL Injection"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the code-projects Online Music Site, version 1.0. This includes the frontend component album handling script located at /Frontend/AlbumByCategory.php. No other product versions were identified as affected.", "description_and_impact": "A web input parameter in the file AlbumByCategory.php is not properly sanitized, allowing an attacker to inject arbitrary SQL statements through a manipulated ID argument. This SQL injection flaw can lead to unauthorized data exposure, data manipulation, or in some configurations to remote code execution if the database is compromised or misconfigured. The weakness illustrated by CWE-89 is a classic case of unsanitized user input permitting arbitrary query execution.", "risk_and_exploitability": "The severity score of 6.9 indicates a moderate to high risk. The EPSS score is below 1%, suggesting a low probability of widespread exploitation at present. The vulnerability is not listed in the CISA KEV catalog, so no public exploitation resources are confirmed. Attack vectors are remote, requiring only that a user supplies a crafted ID value in a request that reaches the vulnerable script. Successful exploitation would give the attacker the ability to read or alter database records associated with album listings."}}}}, "created": "2026-01-05T10:13:48.894812+00:00", "updated": "2026-04-18T08:45:41.395055+00:00", "vendors": ["code-projects", "code-projects$PRODUCT$online_music_site"]}