PatchSiren cyber security CVE debrief
CVE-2026-10875 projectworlds CVE debrief
A SQL injection vulnerability has been discovered in the Online Art Gallery Shop Project 1.0. The vulnerability exists in an unknown function of the file /admin/adminHome.php, specifically in the manipulation of the argument social_twitter. This vulnerability allows for remote attacks and has been publicly disclosed. The CVSS score for this vulnerability is 2.1, indicating a low severity.
- Vendor
- projectworlds
- Product
- Online Art Gallery Shop Project
- CVSS
- LOW 2.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-05
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-05
Who should care
Administrators and users of the Online Art Gallery Shop Project 1.0 should be aware of this vulnerability and take necessary steps to mitigate it.
Technical summary
The vulnerability exists in the /admin/adminHome.php file of the Online Art Gallery Shop Project 1.0. The manipulation of the social_twitter argument results in a SQL injection vulnerability. The attack can be launched remotely.
Defensive priority
Low
Recommended defensive actions
- Update to the latest version of the Online Art Gallery Shop Project, if available.
- Implement input validation and sanitization for user input.
- Use prepared statements to prevent SQL injection attacks.
Evidence notes
The vulnerability has been publicly disclosed and has a CVSS score of 2.1, indicating a low severity.
Official resources
CVE-2026-10875 was published on 2026-06-04T23:16:49.210Z and modified on 2026-06-05T13:26:15.113Z.