{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-37339", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-16T14:38:34.839Z", "dateReserved": "2026-04-06T00:00:00.000Z", "datePublished": "2026-04-16T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-16T14:38:34.839Z"}, "descriptions": [{"lang": "en", "value": "SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_genre.php."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/mt-0505/cve-report/blob/main/sourcecodester/simple-music-cloud-community-system/SQL-3.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_genre.php."}], "id": "CVE-2026-37339", "lastModified": "2026-04-16T15:17:36.790", "metrics": {}, "published": "2026-04-16T15:17:36.790", "references": [{"source": "cve@mitre.org", "url": "https://github.com/mt-0505/cve-report/blob/main/sourcecodester/simple-music-cloud-community-system/SQL-3.md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Received"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 75.0, "confidence_source": "inferred", "scores": [{"score": 75.0, "source": "inferred"}, {"score": 93.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "simple_music_cloud_community_system", "vendor": "sourcecodester"}], "analysis": {"en": {"generated_at": "2026-04-17T04:58:59.178951+00:00", "value": {"mitigation_remediation": ["Apply a patch or upgrade to the fixed version when available from the vendor or repository.", "If a patch is not yet released, modify view_genre.php to use prepared statements or parameterized queries for all database interactions.", "Validate and sanitize all input parameters before using them in SQL statements, for example by allowing only numeric values for expected IDs.", "Restrict the database user privileges to the minimum necessary for the application.", "Regularly audit application logs for unusual query patterns and monitor for attempted injection."], "summary": {"action": "Patch", "impact": "SQL Injection leading to potential data breach and integrity loss"}, "threat_synthesis": {"affected_systems": "The affected system is SourceCodester Simple Music Cloud Community System, version 1.0.", "description_and_impact": "The vulnerability is a SQL injection in /music/view_genre.php of SourceCodester Simple Music Cloud Community System v1.0. The code fails to properly sanitize input parameters, enabling an attacker to inject arbitrary SQL statements. This can lead to reading, modifying, or deleting data from the underlying database, representing a potential data breach or loss of integrity.", "risk_and_exploitability": "The attack vector is inferred to be remote via the web interface, as the vulnerable file is accessed by HTTP requests. No CVSS score or EPSS value is available, and the vulnerability is not in the CISA KEV catalog. Consequently, the likelihood of exploitation is unknown, but typical SQL injection risk is considered significant, especially if the database user has high privileges and the application lacks input validation or parameterization. Prompt remediation is recommended."}}}}, "created": "2026-04-16T18:58:47.605143+00:00", "title": "SQL Injection in View Genre Page of Simple Music Cloud Community System", "updated": "2026-04-17T05:00:05.514631+00:00", "vendors": ["sourcecodester", "sourcecodester$PRODUCT$simple_music_cloud_community_system"], "weaknesses": ["CWE-89"]}