Cross-Site Request Forgery (CSRF) Vulnerability Discovered in Kashipara Music Management System
CVE-2024-42793

8 HIGH

Key Information:

Vendor
CVE Published: 28 August 2024

What is CVE-2024-42793?

The Kashipara Music Management System v1.0 suffers from a Cross-Site Request Forgery (CSRF) vulnerability due to inadequately protected endpoints. Specifically, a crafted request can be sent to the /music/ajax.php?action=save_user endpoint, which may allow unauthorized users to manipulate user accounts or settings. This vulnerability underscores the importance of implementing anti-CSRF tokens and other security measures to validate requests effectively.

CVSS V3.1

Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published
