CVE-2023-0938

MEDIUM

SourceCodester Music Gallery Site 1.0 - SQL Injection via cid Parameter in music_list.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-0938. PoCs published by Muhammad Navaid Zafar Ansari.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Music Gallery Site v1.0 via the 'cid' parameter in music_list.php. The PoC includes a crafted HTTP request to extract database version and name.

Description

A vulnerability classified as critical has been found in SourceCodester Music Gallery Site 1.0. This affects an unknown part of the file music_list.php of the component GET Request Handler. The manipulation of the argument cid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221553 was assigned to this vulnerability.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Muhammad Navaid Zafar Ansari · textwebappsphp

https://www.exploit-db.com/exploits/51288

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in Music Gallery Site v1.0 via the 'cid' parameter in music_list.php. The PoC includes a crafted HTTP request to extract database version and name.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Music Gallery Site v1.0

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory vdb-entry technical-description

https://vuldb.com/?id.221553

Permissions Required, Third Party Advisory signature permissions-required

https://vuldb.com/?ctiid.221553

Exploit, Third Party Advisory exploit

https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Music%20Gallery%20Site%20-%20SQL%20Injection%201.md

View Exploit ZIP pw:eip

Scores

CVSS v3 6.3

EPSS 0.0179

EPSS Percentile 75.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-89

Status published

Products (1)

music_gallery_site_project/music_gallery_site 1.0

Published Feb 21, 2023

Tracked Since Feb 18, 2026