high threat exploited

code-projects Online Music Site 1.0 SQL Injection Vulnerability (CVE-2026-10178)

CVE-2026-10178 is a remote SQL injection vulnerability in code-projects Online Music Site 1.0, affecting the /Administrator/PHP/AdminEditAlbum.php file due to manipulation of the ID argument.

A SQL injection vulnerability, identified as CVE-2026-10178, has been discovered in code-projects Online Music Site version 1.0. The vulnerability resides within the /Administrator/PHP/AdminEditAlbum.php file and can be exploited remotely by manipulating the ID argument. The vulnerability allows for arbitrary SQL queries to be executed, potentially leading to data breaches or unauthorized access. Public exploits are available, increasing the risk of active exploitation. This vulnerability poses a significant threat to organizations using the affected software, potentially compromising sensitive data.

Attack Chain

  1. Attacker identifies the /Administrator/PHP/AdminEditAlbum.php endpoint of the Online Music Site 1.0 application.
  2. Attacker crafts a malicious HTTP request targeting the /Administrator/PHP/AdminEditAlbum.php endpoint.
  3. The attacker injects SQL code into the ID parameter of the HTTP request.
  4. The application’s backend script, AdminEditAlbum.php, processes the request without proper sanitization.
  5. The injected SQL code is executed against the application’s database.
  6. The attacker gains unauthorized access to database contents.
  7. The attacker exfiltrates sensitive data from the database.

Impact

Successful exploitation of CVE-2026-10178 allows remote attackers to execute arbitrary SQL commands on the underlying database of Online Music Site 1.0. This can lead to the disclosure of sensitive information, modification of data, or even complete compromise of the database server. If the database contains user credentials or other sensitive information, the attacker may be able to gain unauthorized access to other systems or services.

Recommendation

  • Apply input validation and sanitization to the ID argument of /Administrator/PHP/AdminEditAlbum.php, and to any other user-supplied input that reaches a SQL query, to prevent SQL injection attacks.
  • Deploy the Sigma rule "Detect SQL Injection Attempt in code-projects Online Music Site (CVE-2026-10178)" to your SIEM to identify potential exploitation attempts.
  • Review and harden database access controls to limit the impact of successful SQL injection attacks.
  • Monitor web server logs for suspicious activity targeting the /Administrator/PHP/AdminEditAlbum.php endpoint (see the Sigma rule for example patterns).
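
One way to carry out the log monitoring in the last recommendation, as an added example (it is not the platform's Sigma rule and not code from the affected project). It assumes Apache/nginx "combined" access logs and that a legitimate ID is a short decimal album identifier; the function names and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/administrator/php/admineditalbum.php"  # advisory path, lowercased
# Assumption: Apache/nginx "combined" access-log format.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} ')
# Assumption: a legitimate ID is a short decimal album identifier.
VALID_ID = re.compile(r"[0-9]{1,10}")


def classify(line):
    """Return (verdict, reason) for a request to the endpoint, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    # endswith() tolerates installs under a sub-directory; lower() tolerates
    # case-insensitive file systems.
    if not unquote(url.path).lower().endswith(ENDPOINT):
        return None
    # parse_qs percent-decodes values; keep blanks so an empty "ID=" is seen.
    params = parse_qs(url.query, keep_blank_values=True)
    ids = [v for k, vals in params.items() if k.lower() == "id" for v in vals]
    bad = [v for v in ids if not VALID_ID.fullmatch(v)]
    if bad:
        return ("alert", f"{m['ip']} sent non-numeric ID {bad[0]!r}")
    if len(ids) > 1:
        return ("alert", f"{m['ip']} sent the ID parameter {len(ids)} times")
    if m["method"] == "POST":
        # Access logs omit the body, where a POSTed ID would be carried.
        return ("review", f"{m['ip']} POSTed; check body in WAF or app logs")
    return ("ok", f"{m['ip']}: no anomaly in query string")


# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2026:10:00:00 +0000] "GET /Administrator/PHP/AdminEditAlbum.php?ID=12 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2026:10:00:05 +0000] "GET /Administrator/PHP/AdminEditAlbum.php?ID=12%27 HTTP/1.1" 500 0 "-" "curl/8.0"',
    '198.51.100.7 - - [01/Jan/2026:10:00:09 +0000] "POST /Administrator/PHP/AdminEditAlbum.php HTTP/1.1" 200 300 "-" "curl/8.0"',
    '192.0.2.10 - - [01/Jan/2026:10:00:12 +0000] "GET /index.php HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]


def scan(lines):
    """Classify every line and keep only those that hit the endpoint."""
    return [r for r in map(classify, lines) if r is not None]


if __name__ == "__main__":
    for verdict, reason in scan(SAMPLE_LOG):
        print(f"{verdict:6} {reason}")
```

The "review" verdict exists because the second rule below covers POST requests, and a standard access log does not record the request body.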

Detection coverage (2 rules)

Detect SQL Injection Attempt in code-projects Online Music Site (CVE-2026-10178)

Severity: high

Detects CVE-2026-10178 exploitation — SQL injection attempts targeting the /Administrator/PHP/AdminEditAlbum.php endpoint.

Format: sigma; tactics: initial_access; techniques: T1190, T1505.003; sources: webserver

Detect SQL Injection Attempt in code-projects Online Music Site (CVE-2026-10178) - POST Method

Severity: high

Detects CVE-2026-10178 exploitation — SQL injection attempts targeting the /Administrator/PHP/AdminEditAlbum.php endpoint via POST method.

Format: sigma; tactics: initial_access; techniques: T1190, T1505.003; sources: webserver