CVE-2026-7238

MEDIUM CVSS 4.7 View on NVD ↗

Description

A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminUpdateAlbum.php. This manipulation of the argument txtimage causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

References

https://code-projects.org/
https://github.com/gtxy114514/CVE/issues/4
https://vuldb.com/submit/802840
https://vuldb.com/vuln/359846
https://vuldb.com/vuln/359846/cti

Published: Apr 28, 2026 08:16 UTC Modified: Apr 29, 2026 01:00 UTC