CVE-2026-3759
SQL Injection in Online Art Gallery Shop /adminHome.php Allows Remote Exploit
Publication date: 2026-03-08
Last updated on: 2026-04-29
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| projectworlds | online_art_gallery_shop | 1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-3759 is a critical SQL injection vulnerability found in projectworlds Online Art Gallery Shop version 1.0, specifically in the file /admin/adminHome.php.
The vulnerability arises from improper handling of the 'reach_nm' parameter, which is directly incorporated into SQL queries without adequate input validation or sanitization.
This flaw allows attackers to inject malicious SQL code, enabling unauthorized manipulation of database queries.
Exploitation does not require user authentication and can be executed remotely, making it highly accessible.
Attackers can use various SQL injection techniques such as boolean-based blind, error-based, and time-based blind methods to extract sensitive data, modify or delete database contents, and potentially disrupt services. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability impacts the confidentiality, integrity, and availability of the affected system.
- Attackers can gain unauthorized access to the database.
- Sensitive information can be exposed or stolen.
- Attackers can modify or delete data, compromising data integrity.
- The system's availability can be disrupted, potentially causing service outages.
Because the exploit requires no authentication and can be executed remotely, the risk of attack is high and exploitation is considered easy. [1, 2, 3]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This SQL injection vulnerability can be detected by testing the 'reach_nm' parameter in the /admin/adminHome.php file for SQL injection flaws.
Tools like sqlmap have been successfully used to confirm the vulnerability by enumerating databases via the vulnerable parameter.
- Use sqlmap to test the parameter: sqlmap -u "http://target/admin/adminHome.php" --data="reach_nm=TEST" --risk=3 --level=5
- Check for boolean-based blind SQL injection by injecting payloads using the MySQL RLIKE operator in the 'reach_nm' parameter.
- Test error-based injection using MySQL's EXTRACTVALUE function to reveal database information.
- Perform time-based blind injection by injecting payloads that use the SLEEP function to infer data based on response delays.
Additionally, attackers can identify vulnerable targets using Google dorking with queries like: inurl:admin/adminHome.php [1, 3]
What immediate steps should I take to mitigate this vulnerability?
Immediate remediation is necessary to secure the system and maintain data integrity.
- Implement prepared statements with parameter binding to separate SQL code from user input, preventing injection.
- Enforce strict input validation and filtering to ensure data conforms to expected formats.
- Minimize database user privileges by avoiding high-privilege accounts (e.g., root or admin) for routine operations.
- Conduct regular security audits of code and systems to detect and address vulnerabilities promptly.
If possible, replace the affected software with an alternative product as no known countermeasures or mitigations have been reported.
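The first two mitigation steps above, shown as an added example that is not code from the affected project. The table and column layout and the function names are hypothetical (only the parameter name reach_nm comes from the advisory), and an in-memory SQLite database via PDO stands in for the application's MySQL backend so the script runs offline.

```php
<?php
// Added example, not the project's code. Table, column and function names are
// hypothetical; only the parameter name reach_nm comes from the advisory.
declare(strict_types=1);

function demoDb(): PDO {
    // In-memory SQLite stands in for MySQL. With the MySQL driver, also set
    // PDO::ATTR_EMULATE_PREPARES to false so the server does the binding.
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE reach (id INTEGER PRIMARY KEY, reach_nm TEXT)');
    $pdo->exec("INSERT INTO reach (reach_nm) VALUES ('north'), ('south'), ('east')"); // constructed rows
    return $pdo;
}

// Pattern the advisory describes: request input concatenated into the SQL text.
function findUnsafe(PDO $pdo, string $reachNm): array {
    $sql = "SELECT id, reach_nm FROM reach WHERE reach_nm = '" . $reachNm . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Mitigation 1: prepared statement; the value is bound, never parsed as SQL.
function findBound(PDO $pdo, string $reachNm): array {
    $stmt = $pdo->prepare('SELECT id, reach_nm FROM reach WHERE reach_nm = :reach_nm');
    $stmt->execute([':reach_nm' => $reachNm]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Mitigation 2: allow-list validation of the expected format (assumed here to
// be 1-64 letters, digits, spaces, underscores or hyphens).
function isValidReachNm(string $reachNm): bool {
    return preg_match('/\A[A-Za-z0-9 _-]{1,64}\z/', $reachNm) === 1;
}

$pdo = demoDb();
// Constructed inputs: an ordinary value and one carrying SQL syntax.
foreach (['north', "x' OR '1'='1"] as $input) {
    printf(
        "%-16s valid=%-5s concatenated=%d rows, bound=%d rows\n",
        $input,
        isValidReachNm($input) ? 'yes' : 'no',
        count(findUnsafe($pdo, $input)),
        count(findBound($pdo, $input))
    );
}
```

The quoted input changes the WHERE clause only in the concatenated query; with binding it is compared as a literal string, and the format check would reject it before any query runs.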