Music_management_system - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Music_management_system
(Lopalopa)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	22

Date	Id	Summary	Products	Score	Patch	Annotated
2024-08-26	CVE-2024-42787	A Stored Cross Site Scripting (XSS) vulnerability was found in "/music/ajax.php?action=save_playlist" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via "title" & "description" parameter fields.	Music_management_system	N/A
2024-08-26	CVE-2024-42789	A Reflected Cross Site Scripting (XSS) vulnerability was found in "/music/controller.php?page=test" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via the "page" parameter.	Music_management_system	N/A
2024-08-26	CVE-2024-42788	A Stored Cross Site Scripting (XSS) vulnerability was found in "/music/ajax.php?action=save_music" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via "title" & "artist" parameter fields.	Music_management_system	N/A
2024-08-26	CVE-2024-42791	A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=delete_genre.	Music_management_system	N/A
2024-09-16	CVE-2024-42794	Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax.php?action=save_user.	Music_management_system	N/A
2024-09-16	CVE-2024-42795	An Incorrect Access Control vulnerability was found in /music/view_user.php?id=3 and /music/controller.php?page=edit_user&id=3 in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to view valid user details.	Music_management_system	N/A
2024-09-16	CVE-2024-42796	An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_genre in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music genre entries.	Music_management_system	N/A
2024-09-16	CVE-2024-42798	An Incorrect Access Control vulnerability was found in /music/index.php?page=user_list and /music/index.php?page=edit_user in Kashipara Music Management System v1.0. This allows a low privileged attacker to take over the administrator account.	Music_management_system	N/A
2024-09-25	CVE-2024-42797	An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music playlist entries.	Music_management_system	N/A
2024-08-21	CVE-2024-42778	An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_playlist" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file.	Music_management_system	8.8