PatchSiren cyber security CVE debrief
CVE-2026-10874 projectworlds CVE debrief
A SQL injection vulnerability was identified in the Online Art Gallery Shop Project 1.0. The affected element is an unknown function of the file /admin/adminHome.php. The manipulation of the argument social_insta leads to SQL injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
- Vendor
- projectworlds
- Product
- Online Art Gallery Shop Project
- CVSS
- LOW 2.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-05
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-05
Who should care
Users of Online Art Gallery Shop Project 1.0, particularly those who have not applied the necessary patches, should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability has a CVSS score of 2.1 and is classified as LOW severity. It is related to CWE-74 and CWE-89.
Defensive priority
low
Recommended defensive actions
- Apply patches or updates to the Online Art Gallery Shop Project 1.0 as soon as they are available.
- Implement input validation and sanitization to prevent SQL injection attacks.
- Monitor the system for suspicious activity and implement logging and auditing mechanisms.
Evidence notes
The vulnerability was reported by an unknown vendor and has a low confidence level. The CVE record was published on 2026-06-04T23:16:49.023Z and modified on 2026-06-05T13:26:15.113Z.
Official resources
CVE-2026-10874 was published on 2026-06-04T23:16:49.023Z and modified on 2026-06-05T13:26:15.113Z.