CVE-2026-10875
Description
SQL injection vulnerability in Online Art Gallery Shop Project 1.0 allows remote attackers to access and manipulate the database.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SQL injection vulnerability in Online Art Gallery Shop Project 1.0 allows remote attackers to access and manipulate the database.
Vulnerability
A SQL injection vulnerability exists in the /admin/adminHome.php file of the Online Art Gallery Shop Project version 1.0. The vulnerability arises from insufficient validation of the social_twitter parameter, which is directly incorporated into SQL queries without proper sanitization [1].
Exploitation
An attacker can exploit this vulnerability remotely without requiring authentication or login. By manipulating the social_twitter parameter with malicious SQL code, an attacker can inject arbitrary SQL queries [1].
Impact
Successful exploitation allows attackers to gain unauthorized access to the database, potentially leading to sensitive data disclosure, data tampering, or even comprehensive system control and service interruption [1].
Mitigation
No specific patched version or release date has been disclosed in the available references. Users are advised to consult projectworlds.com for any potential updates or security advisories regarding this vulnerability [1].
AI Insight generated on Jun 4, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: = 1.0
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"The application directly incorporates user-supplied input from the 'social_twitter' parameter into SQL queries without proper sanitization or validation."
Attack vector
An attacker can remotely send a crafted HTTP request to the '/admin/adminHome.php' file. This request must include a malicious payload within the 'social_twitter' parameter. The application then directly uses this tainted input in a SQL query, leading to SQL injection. No login or authorization is required to exploit this vulnerability [ref_id=1].
Affected code
The vulnerability resides in the '/admin/adminHome.php' file within the Online Art Gallery Shop Project version 1.0. Specifically, the 'social_twitter' parameter is directly used in SQL queries without adequate cleaning or validation [ref_id=1].
What the fix does
The advisory suggests using prepared statements and parameter binding to prevent SQL injection by treating user input as data rather than executable code. Additionally, it recommends strict input validation and filtering to ensure data conforms to expected formats. Minimizing database user permissions and conducting regular security audits are also advised to mitigate risks [ref_id=1].
Preconditions
- networkThe vulnerable application must be accessible over the network.
- inputThe attacker must be able to send a request with a crafted 'social_twitter' parameter.
Generated on Jun 4, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5News mentions
0No linked articles in our index yet.