{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/online-music-site-1.0/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-10178"}],"_cs_exploited":true,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Online Music Site 1.0"],"_cs_severities":["high"],"_cs_tags":["sql-injection","web-application","cve"],"_cs_type":"threat","_cs_vendors":["code-projects"],"content_html":"\u003cp\u003eA SQL injection vulnerability, identified as CVE-2026-10178, has been discovered in code-projects Online Music Site version 1.0. The vulnerability resides within the \u003ccode\u003e/Administrator/PHP/AdminEditAlbum.php\u003c/code\u003e file and can be exploited remotely by manipulating the \u003ccode\u003eID\u003c/code\u003e argument. The vulnerability allows for arbitrary SQL queries to be executed, potentially leading to data breaches or unauthorized access. Public exploits are available, increasing the risk of active exploitation. This vulnerability poses a significant threat to organizations using the affected software, potentially compromising sensitive data.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies the \u003ccode\u003e/Administrator/PHP/AdminEditAlbum.php\u003c/code\u003e endpoint of the Online Music Site 1.0 application.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious HTTP request targeting the \u003ccode\u003e/Administrator/PHP/AdminEditAlbum.php\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe attacker injects SQL code into the \u003ccode\u003eID\u003c/code\u003e parameter of the HTTP request.\u003c/li\u003e\n\u003cli\u003eThe application\u0026rsquo;s backend script, \u003ccode\u003eAdminEditAlbum.php\u003c/code\u003e, processes the request without proper sanitization.\u003c/li\u003e\n\u003cli\u003eThe injected SQL code is executed against the application\u0026rsquo;s database.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to database contents.\u003c/li\u003e\n\u003cli\u003eThe attacker exfiltrates sensitive data from the database.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-10178 allows remote attackers to execute arbitrary SQL commands on the underlying database of Online Music Site 1.0. This can lead to the disclosure of sensitive information, modification of data, or even complete compromise of the database server. If the database contains user credentials or other sensitive information, the attacker may be able to gain unauthorized access to other systems or services.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply appropriate input validation and sanitization techniques to prevent SQL injection attacks.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect SQL Injection Attempt in code-projects Online Music Site (CVE-2026-10178)\u003c/code\u003e to your SIEM to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eReview and harden database access controls to limit the impact of successful SQL injection attacks.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious activity targeting the \u003ccode\u003e/Administrator/PHP/AdminEditAlbum.php\u003c/code\u003e endpoint (see the Sigma rule for example patterns).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-31T11:17:26Z","date_published":"2026-05-31T11:17:26Z","id":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-10178-sql-injection/","summary":"CVE-2026-10178 is a remote SQL injection vulnerability in code-projects Online Music Site 1.0, affecting the /Administrator/PHP/AdminEditAlbum.php file due to manipulation of the ID argument.","title":"code-projects Online Music Site 1.0 SQL Injection Vulnerability (CVE-2026-10178)","url":"https://feed.craftedsignal.io/briefs/2026-05-cve-2026-10178-sql-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — Online Music Site 1.0","version":"https://jsonfeed.org/version/1.1"}