CVE-2026-7238

MEDIUM NVD

CVSS Score 4.7

Severity MEDIUM

Published Apr 28, 2026

Vendor unknown

Description

A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminUpdateAlbum.php. This manipulation of the argument txtimage causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used.

References

https://code-projects.org/
https://github.com/gtxy114514/CVE/issues/4
https://vuldb.com/submit/802840
https://vuldb.com/vuln/359846
https://vuldb.com/vuln/359846/cti