Lopalopa

Music Management System

22 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2024-42797

Exploit
  • EPSS 0.43%
  • Veröffentlicht 25.09.2024 01:15:42
  • Zuletzt bearbeitet 28.04.2025 17:10:19

An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music playlist entries.

7.6

CVE-2024-42798

Exploit
  • EPSS 0.08%
  • Veröffentlicht 16.09.2024 20:15:46
  • Zuletzt bearbeitet 28.04.2025 14:56:09

An Incorrect Access Control vulnerability was found in /music/index.php?page=user_list and /music/index.php?page=edit_user in Kashipara Music Management System v1.0. This allows a low privileged attacker to take over the administrator account.

5.9

CVE-2024-42796

Exploit
  • EPSS 0.08%
  • Veröffentlicht 16.09.2024 20:15:46
  • Zuletzt bearbeitet 28.04.2025 14:56:46

An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_genre in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music genre entries.

4.2

CVE-2024-42795

Exploit
  • EPSS 0.05%
  • Veröffentlicht 16.09.2024 20:15:46
  • Zuletzt bearbeitet 28.04.2025 15:08:25

An Incorrect Access Control vulnerability was found in /music/view_user.php?id=3 and /music/controller.php?page=edit_user&id=3 in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to view valid user details...

4.7

CVE-2024-42794

Exploit
  • EPSS 0.07%
  • Veröffentlicht 16.09.2024 20:15:46
  • Zuletzt bearbeitet 28.04.2025 15:09:59

Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax.php?action=save_user.

8

CVE-2024-42793

Exploit
  • EPSS 0.12%
  • Veröffentlicht 28.08.2024 20:15:07
  • Zuletzt bearbeitet 30.08.2024 15:56:51

A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=save_user page.

3.5

CVE-2024-42792

Exploit
  • EPSS 0.09%
  • Veröffentlicht 26.08.2024 17:15:06
  • Zuletzt bearbeitet 05.09.2024 18:35:24

A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=delete_playlist page.

5.4

CVE-2024-42790

Exploit
  • EPSS 0.31%
  • Veröffentlicht 26.08.2024 17:15:06
  • Zuletzt bearbeitet 05.09.2024 18:36:04

A Reflected Cross Site Scripting (XSS) vulnerability was found in "/music/index.php?page=test" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via the "page" parameter.

8.8

CVE-2024-42791

Exploit
  • EPSS 0.19%
  • Veröffentlicht 26.08.2024 16:15:09
  • Zuletzt bearbeitet 06.05.2025 13:50:40

A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=delete_genre.

6.1

CVE-2024-42788

Exploit
  • EPSS 0.37%
  • Veröffentlicht 26.08.2024 16:15:09
  • Zuletzt bearbeitet 06.05.2025 13:50:49

A Stored Cross Site Scripting (XSS) vulnerability was found in "/music/ajax.php?action=save_music" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via "title" & "artist" parameter fields...