What the vulnerability does
01Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Sticky Radio Player lbg-audio5-html5-shoutcast_sticky allows SQL Injection.This issue affects Sticky Radio Player: from n/a through <= 3.4.
Explanation of Vulnerability in Simple Terms
02Summary
Sticky Radio Player versions 3.4 and earlier contain a SQL injection vulnerability accessible to authenticated users with low privileges. An attacker can craft malicious input to extract or modify database records, including sensitive information. The vulnerability affects the entire application scope due to database access. No user interaction is required once authenticated.
What an attacker can do
03Attacker Capabilities
Read or modify database records, including user data and site configuration, via SQL injection.
Potential impact on your site
04Site Impact
Unauthorized access to database contents and potential data modification or loss affecting all site users.
Conditions required to exploit
05Prerequisites
Attacker must have a low-privilege user account on the site.
Key dates
06Disclosure timeline
May 16, 2025
CVE published
April 28, 2026
Record updated