CVE-2026-37339 is a critical SQL Injection vulnerability (CWE-89) affecting SourceCodester Simple Music Cloud Community System v1.0. The flaw exists in the /music/view_genre.php script, where user input is not properly sanitized before being used in SQL queries. This allows remote attackers to execute arbitrary SQL commands without authentication, potentially compromising the entire database. The vulnerability has a CVSS 3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). No patch or official remediation has been published as of the current data.

Successful exploitation of this vulnerability can lead to full compromise of the backend database, including unauthorized disclosure, modification, or deletion of data, and potential denial of service. The high CVSS score reflects the ease of exploitation and the severe impact on confidentiality, integrity, and availability. There are no known exploits in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider implementing web application firewall (WAF) rules to detect and block SQL injection attempts targeting /music/view_genre.php. Avoid exposing the vulnerable endpoint publicly if possible and review application input validation and sanitization practices.