What the vulnerability does
01 Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Responsive HTML5 Audio Player PRO With Playlist (lbg-audio2-html5) allows SQL Injection. This issue affects Responsive HTML5 Audio Player PRO With Playlist: all versions through 3.5.7.
Explanation of Vulnerability in Simple Terms
02 Summary
Responsive HTML5 Audio Player PRO With Playlist versions 3.5.7 and earlier contain a SQL injection vulnerability. An authenticated user with low privileges can craft malicious input to execute arbitrary SQL queries against the site's database. This can expose sensitive data and potentially disrupt site availability. Update to a version newer than 3.5.7.
What an attacker can do
03 Attacker Capabilities
Read sensitive database records and disrupt site availability through SQL injection.
Potential impact on your site
04 Site Impact
Database contents may be exposed; site performance or availability could be degraded.
Conditions required to exploit
05 Prerequisites
Attacker must have a low-privilege authenticated account on the site.
Key dates
06 Disclosure timeline
May 16, 2025: CVE published
April 28, 2026: Record updated