A vulnerability described as critical has been identified in code-projects Online Music Site 1.0 . This vulnerability affects unknown code of the file /Administrator/PHP/AdminDeleteAlbum.php . The manipulation of the argument ID results in sql injection. This vulnerability was named CVE-2026-11489 . The attack may be performed from remote. In addition, an exploit is available.