CVE-2026-7238 PUBLISHED

A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminUpdateAlbum.php. This manipulation of the argument txtimage causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used.

• the_better_you (VulDB User) reporter

• VDB-359846 | code-projects Online Music Site AdminUpdateAlbum.php unrestricted upload
• VDB-359846 | CTI Indicators (IOB, IOC, TTP, IOA)
• Submit #802840 | Code-projects ONLINE MUSIC SITE v1.0 Arbitrary file upload vulnerability
• https://github.com/gtxy114514/CVE/issues/4
• https://code-projects.org/

• Unrestricted Upload CWE
• Improper Access Controls CWE