Incorrect Access Control in Kashipara Music Management System
CVE-2024-42795

Currently unrated

Key Information:

Vendor: Kashipara
Status: Music Management System
Vendor: CVE Published:; 16 September 2024

What is CVE-2024-42795?

A vulnerability exists in the Kashipara Music Management System v1.0, allowing unauthorized users to access sensitive information. Specifically, an incorrect access control implementation in the endpoints /music/view_user.php and /music/controller.php exposes valid user details to unauthenticated attackers. This allows potential exploitation without the need for user credentials, posing a significant threat to data confidentiality.

References

https://www.kashipara.com/

https://github.com/takekaramey/CVE_Writeup/blob/main/Kash...

Timeline

Vulnerability published
Sep 16, 2024