CVE-2026-7238

MEDIUM

code-projects Online Music Site AdminUpdateAlbum.php unrestricted upload

Title source: cna
STIX 2.1

Description

A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminUpdateAlbum.php. This manipulation of the argument txtimage causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used.

References (5)

Scores

CVSS v3 4.7
EPSS 0.0003
EPSS Percentile 10.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-284 CWE-434
Status published
Products (1)
code-projects/Online Music Site 1.0
Published Apr 28, 2026
Tracked Since Apr 28, 2026