CVE-2026-11489

Description

A vulnerability was found in code-projects Online Music Site 1.0. This vulnerability affects unknown code of the file /Administrator/PHP/AdminDeleteAlbum.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used.

References

• https://code-projects.org/
• https://github.com/11snk/CVE/issues/2
• https://vuldb.com/cve/CVE-2026-11489
• https://vuldb.com/submit/834743
• https://vuldb.com/vuln/369109