CVE-2026-1533 — Injection in Online Music Site

CWE-74 — Injection CWE-89 — SQL Injection CWE-367 — Time-of-check Time-of-use (TOCTOU) Race Condition5 documents5 sources

Severity

5.1MEDIUMNVD

EPSS

0.0%

top 97.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Code-projects Online Music Site Fabian Online Music Site

Timeline

PublishedJan 28

Latest updateFeb 18

Description

A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminAddCategory.php. The manipulation results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5code-projects/online_music_site1.0

▶NVDfabian/online_music_site1.0

🔴Vulnerability Details

CVEList

code-projects Online Music Site AdminAddCategory.php sql injection↗2026-01-28

▶

GHSA

GHSA-6j3c-8fmm-47jq: A security flaw has been discovered in code-projects Online Music Site 1↗2026-01-28

▶

📋Vendor Advisories

Red Hat

kernel: bonding: annotate data-races around slave->last_rx↗2026-02-18

▶