CVEDB API

Vulnerabilities

Vulnerable Software

Security Vulnerabilities - CVEs Published In August 2024

CVE-2024-41572

Learning with Texts (LWT) 2.0.3 is vulnerable to Cross Site Scripting (XSS). The application has a specific function that does not filter special characters in URL parameters. Remote attackers can inject JavaScript code without authorization. Exploiting this vulnerability, attackers can steal user credentials or execute actions such as injecting malicious scripts or redirecting users to malicious sites.

CVSS Score

6.1

EPSS Score

0.002

Published

2024-08-21

CVE-2024-42778

An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_playlist" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file.

CVSS Score

8.8

EPSS Score

0.003

Published

2024-08-21

CVE-2024-42779

An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_music" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file.

CVSS Score

8.8

EPSS Score

0.003

Published

2024-08-21

CVE-2024-42780

An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_genre" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file.

CVSS Score

8.8

EPSS Score

0.003

Published

2024-08-21

CVE-2024-42781

A SQL injection vulnerability in "/music/ajax.php?action=login" of Kashipara Music Management System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email parameter.

CVSS Score

9.8

EPSS Score

0.001

Published

2024-08-21

CVE-2024-42782

A SQL injection vulnerability in "/music/ajax.php?action=find_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "search" parameter.

CVSS Score

9.8

EPSS Score

0.001

Published

2024-08-21

CVE-2024-42783

Kashipara Music Management System v1.0 is vulnerable to SQL Injection via /music/manage_playlist_items.php. An attacker can execute arbitrary SQL commands via the "pid" parameter.

CVSS Score

9.8

EPSS Score

0.002

Published

2024-08-21

CVE-2024-42784

A SQL injection vulnerability in "/music/controller.php?page=view_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter.

CVSS Score

9.8

EPSS Score

0.002

Published

2024-08-21

CVE-2024-42785

A SQL injection vulnerability in /music/index.php?page=view_playlist in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter.

CVSS Score

8.8

EPSS Score

0.001

Published

2024-08-21

CVE-2024-42786

A SQL injection vulnerability in "/music/view_user.php" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter of View User Profile Page.

CVSS Score

8.8

EPSS Score

0.002

Published

2024-08-21

Prev Next

Page 73

Vulnerabilities

Vulnerable Software

Security Vulnerabilities - CVEs Published In August 2024

Products

Pricing

Contact Us