high advisory

Online Art Gallery Shop 1.0 SQL Injection Vulnerability (CVE-2026-9364)

A SQL injection vulnerability (CVE-2026-9364) exists in projectworlds Online Art Gallery Shop version 1.0, specifically in the /admin/adminHome.php file, which can be exploited remotely by manipulating the social_linked argument, potentially leading to unauthorized data access or modification.

A SQL injection vulnerability, identified as CVE-2026-9364, has been discovered in projectworlds Online Art Gallery Shop version 1.0. This vulnerability resides in the /admin/adminHome.php file and is triggered by manipulating the social_linked argument. The vulnerability allows for remote exploitation, enabling attackers to inject malicious SQL queries into the application’s database interactions. An exploit is publicly available, making exploitation more likely. This poses a significant risk to organizations using the affected software, potentially leading to data breaches and unauthorized access to sensitive information.

Attack Chain

  1. The attacker identifies a vulnerable instance of Online Art Gallery Shop 1.0.
  2. The attacker crafts a malicious HTTP request targeting /admin/adminHome.php.
  3. The request includes a crafted social_linked parameter containing SQL injection payloads.
  4. The server-side application processes the request without proper sanitization of the social_linked parameter.
  5. The unsanitized input is incorporated into a SQL query executed against the application’s database.
  6. The injected SQL commands are executed, potentially allowing the attacker to bypass authentication, extract sensitive data, or modify existing records.
  7. The attacker leverages the SQL injection vulnerability to retrieve user credentials or other sensitive data.
  8. The attacker uses the compromised credentials to gain unauthorized access to the application’s administrative interface.

Impact

Successful exploitation of this SQL injection vulnerability (CVE-2026-9364) in projectworlds Online Art Gallery Shop 1.0 can lead to unauthorized access to sensitive data, including user credentials, customer information, and financial records. The attacker could potentially modify data, escalate privileges, or even take complete control of the application and its underlying database. The NVD lists the CVSS v3.1 score as 7.3 HIGH. Given that a public exploit is available, the risk of widespread exploitation is elevated.

Recommendation

  • Apply input validation and sanitization to the social_linked parameter in /admin/adminHome.php to prevent SQL injection attacks.
  • Deploy the provided Sigma rules to detect potential exploitation attempts targeting CVE-2026-9364 in web server logs.
  • Monitor web server logs for suspicious activity, such as requests containing SQL injection payloads, based on the provided Sigma rules.
  • Consider using a web application firewall (WAF) to filter out malicious requests and protect against SQL injection attacks.

Detection coverage (2 rules)

Detects CVE-2026-9364 Exploitation — SQL Injection Attempt in Online Art Gallery Shop

high

Detects CVE-2026-9364 exploitation — SQL injection attempts targeting the social_linked parameter in /admin/adminHome.php

Format: Sigma | Tactics: initial_access | Techniques: T1190, T1505.003 | Sources: webserver

Detects CVE-2026-9364 Exploitation — SQL Injection with Encoded Characters

high

Detects CVE-2026-9364 exploitation — SQL injection attempts in Online Art Gallery Shop via encoded characters

Format: Sigma | Tactics: initial_access | Techniques: T1190, T1505.003 | Sources: webserver
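The two rules above describe what a detection for this CVE has to cover: requests to /admin/adminHome.php whose social_linked parameter carries SQL injection indicators, including ones hidden behind one or more layers of percent-encoding. The script below is an added, stand-alone illustration of that logic in Python, not the platform's Sigma rules or the vendor's code; it assumes combined-format access logs, and the indicator regex and the sample log lines are constructed for the example.

```python
import re
from urllib.parse import unquote, urlsplit

TARGET_PATH = "/admin/adminHome.php"  # vulnerable endpoint named in the advisory
PARAM = "social_linked"                # injectable parameter named in the advisory

# Request line inside a combined-format access log entry.
LOG_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Generic SQL-injection indicators (an assumption; tune the list for your environment).
SQLI_RE = re.compile(r"'\s*(or|and)\b|\bunion\b.*?\bselect\b|\bsleep\s*\(|--|/\*", re.I)

# Constructed sample log lines (not real traffic): a benign request to the endpoint,
# a single-encoded and a double-encoded injection attempt, and an unrelated page.
SAMPLE_LOGS = [
    '10.0.0.5 - - [01/Jan/2026:10:00:00 +0000] "GET /admin/adminHome.php?social_linked=https://example.org/profile HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2026:10:00:01 +0000] "GET /admin/adminHome.php?social_linked=x%27%20OR%201%3D1 HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2026:10:00:02 +0000] "GET /admin/adminHome.php?social_linked=x%2527%2520UNION%2520SELECT%25201 HTTP/1.1" 200 512',
    '10.0.0.7 - - [01/Jan/2026:10:00:03 +0000] "GET /gallery.php?id=3 HTTP/1.1" 200 512',
]

def decode_fully(value, max_rounds=3):
    """Percent-decode until stable; return (decoded, layers_peeled) so stacked encoding is visible."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    return value, rounds

def analyze_line(line):
    """Return an alert dict for an injection attempt via PARAM at TARGET_PATH, else None."""
    match = LOG_RE.search(line)
    if not match:
        return None
    parts = urlsplit(match.group("target"))
    if parts.path != TARGET_PATH:
        return None
    for pair in parts.query.split("&"):
        key, _, raw_value = pair.partition("=")
        if unquote(key) != PARAM:
            continue
        value, rounds = decode_fully(raw_value)
        if SQLI_RE.search(value):
            # rounds 0 -> plain, 1 -> percent-encoded, 2+ -> double-encoded
            rule = ("plain", "encoded", "double-encoded")[min(rounds, 2)]
            return {"client": line.split()[0], "value": value, "rule": rule}
    return None

def scan_logs(lines):
    return [alert for alert in map(analyze_line, lines) if alert]
```

Matching on the fully decoded value is what separates the second rule from the first: a single-pass decoder never sees the quote inside `%2527`.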
