Incorrect Access Control in Kashipara Music Management System
CVE-2024-42794

Currently unrated

Key Information:

Vendor

Kashipara

Status
Music Management System
Vendor
CVE Published:
16 September 2024

What is CVE-2024-42794?

The Kashipara Music Management System version 1.0 is susceptible to incorrect access control through the endpoint /music/ajax.php?action=save_user. This vulnerability allows unauthorized users to manipulate user data and potentially gain access to restricted features, highlighting a critical need for improved access control measures within the system's design.

References

https://www.kashipara.com/project/php/12978/music-managem...
https://github.com/takekaramey/CVE_Writeup/blob/main/Kash...

Timeline

  • Vulnerability published

.
CVE-2024-42794 : Incorrect Access Control in Kashipara Music Management System