CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42797
https://notcve.org/view.php?id=CVE-2024-42797
24 Sep 2024 — An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music playlist entries. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20Delete%20Playlist.pdf • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42794
https://notcve.org/view.php?id=CVE-2024-42794
16 Sep 2024 — Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax.php?action=save_user. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20Save%20User%20%26%20Account%20Takeover.pdf • CWE-284: Improper Access Control •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42795
https://notcve.org/view.php?id=CVE-2024-42795
16 Sep 2024 — An Incorrect Access Control vulnerability was found in /music/view_user.php?id=3 and /music/controller.php?page=edit_user&id=3 in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to view valid user details. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20View%20User.pdf • CWE-284: Improper Access Control •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42796
https://notcve.org/view.php?id=CVE-2024-42796
16 Sep 2024 — An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_genre in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music genre entries. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20Delete%20Genre.pdf • CWE-284: Improper Access Control •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42798
https://notcve.org/view.php?id=CVE-2024-42798
16 Sep 2024 — An Incorrect Access Control vulnerability was found in /music/index.php?page=user_list and /music/index.php?page=edit_user in Kashipara Music Management System v1.0. This allows a low privileged attacker to take over the administrator account. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20Priv%20Esc%20-%20Save%20Edit%20User%20-%20AC%20Takeover.pdf • CWE-269: Improper Privilege Management •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42793
https://notcve.org/view.php?id=CVE-2024-42793
28 Aug 2024 — A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=save_user page. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/CSRF%20-%20Edit%20User.pdf • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42787
https://notcve.org/view.php?id=CVE-2024-42787
26 Aug 2024 — A Stored Cross Site Scripting (XSS) vulnerability was found in "/music/ajax.php?action=save_playlist" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via "title" & "description" parameter fields. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Stored%20XSS%20-%20Add%20Playlist.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42788
https://notcve.org/view.php?id=CVE-2024-42788
26 Aug 2024 — A Stored Cross Site Scripting (XSS) vulnerability was found in "/music/ajax.php?action=save_music" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via "title" & "artist" parameter fields. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Stored%20XSS%20-%20Add%20New%20Music%20List.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42789
https://notcve.org/view.php?id=CVE-2024-42789
26 Aug 2024 — A Reflected Cross Site Scripting (XSS) vulnerability was found in "/music/controller.php?page=test" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via the "page" parameter. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Reflected%20XSS%20-%20Controller.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42790
https://notcve.org/view.php?id=CVE-2024-42790
26 Aug 2024 — A Reflected Cross Site Scripting (XSS) vulnerability was found in "/music/index.php?page=test" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via the "page" parameter. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Reflected%20XSS%20-%20index.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •