CVE-2023-0961

MEDIUM

Music Gallery Site - SQL Injection

Title source: rule

Description

A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been classified as critical. This affects an unknown part of the file view_music_details.php of the component GET Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221631.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Muhammad Navaid Zafar Ansari · textwebappsphp

https://www.exploit-db.com/exploits/51290

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://github.com/navaidzansari/CVE_Demo/blob/main/2023/Music%20Gallery%20Site%20-%20SQL%20Injection%202.md

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.221631

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.221631

Scores

CVSS v3 6.3

EPSS 0.0038

EPSS Percentile 59.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-89

Status published

Products (1)

music_gallery_site_project/music_gallery_site 1.0

Published Feb 22, 2023

Tracked Since Feb 18, 2026