
CVE-2024-42798
https://notcve.org/view.php?id=CVE-2024-42798
16 Sep 2024 — An Incorrect Access Control vulnerability was found in /music/index.php?page=user_list and /music/index.php?page=edit_user in Kashipara Music Management System v1.0. This allows a low privileged attacker to take over the administrator account. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20Priv%20Esc%20-%20Save%20Edit%20User%20-%20AC%20Takeover.pdf • CWE-269: Improper Privilege Management •

CVE-2024-42793
https://notcve.org/view.php?id=CVE-2024-42793
28 Aug 2024 — A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=save_user page. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/CSRF%20-%20Edit%20User.pdf • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2024-41236
https://notcve.org/view.php?id=CVE-2024-41236
28 Aug 2024 — A SQL injection vulnerability in /smsa/admin_login.php in Kashipara Responsive School Management System v3.2.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter of the Admin Login Page. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Responsive%20School%20Management%20System%20v3.2.0/SQL%20Injection%20-%20Admin.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2024-42787
https://notcve.org/view.php?id=CVE-2024-42787
26 Aug 2024 — A Stored Cross Site Scripting (XSS) vulnerability was found in "/music/ajax.php?action=save_playlist" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via "title" & "description" parameter fields. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Stored%20XSS%20-%20Add%20Playlist.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-42788
https://notcve.org/view.php?id=CVE-2024-42788
26 Aug 2024 — A Stored Cross Site Scripting (XSS) vulnerability was found in "/music/ajax.php?action=save_music" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via "title" & "artist" parameter fields. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Stored%20XSS%20-%20Add%20New%20Music%20List.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-42789
https://notcve.org/view.php?id=CVE-2024-42789
26 Aug 2024 — A Reflected Cross Site Scripting (XSS) vulnerability was found in "/music/controller.php?page=test" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via the "page" parameter. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Reflected%20XSS%20-%20Controller.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-42790
https://notcve.org/view.php?id=CVE-2024-42790
26 Aug 2024 — A Reflected Cross Site Scripting (XSS) vulnerability was found in "/music/index.php?page=test" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via the "page" parameter. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Reflected%20XSS%20-%20index.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-42791
https://notcve.org/view.php?id=CVE-2024-42791
26 Aug 2024 — A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=delete_genre. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/CSRF%20-%20Delete%20Genre.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-42792
https://notcve.org/view.php?id=CVE-2024-42792
26 Aug 2024 — A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via the /music/ajax.php?action=delete_playlist page. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/CSRF%20-%20Delete%20Playlist.pdf • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2024-42764
https://notcve.org/view.php?id=CVE-2024-42764
23 Aug 2024 — Kashipara Bus Ticket Reservation System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via /deleteTicket.php. • https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Bus%20Ticket%20Reservation%20System%20v1.0/CSRF.pdf • CWE-352: Cross-Site Request Forgery (CSRF) •