5.9
CVE-2024-42796
- EPSS 0.23%
- Veröffentlicht 16.09.2024 20:15:46
- Zuletzt bearbeitet 28.04.2025 14:56:46
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginAn Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_genre in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music genre entries.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Lopalopa ≫ Music Management System Version1.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.137 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.9 | 2.5 | 3.4 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
https://www.kashipara.com/project/php/12978/music-management-system-in-php-php-project-source-code
https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20Delete%20Genre.pdf