Shodan
Vulnerabilities
Vulnerable Software
Lopalopa:  Security Vulnerabilities
CVE-2024-42793
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=save_user page.
CVSS Score
8.0
EPSS Score
0.001
Published
2024-08-28
CVE-2024-41236
A SQL injection vulnerability in /smsa/admin_login.php in Kashipara Responsive School Management System v3.2.0 allows an attacker to execute arbitrary SQL commands via the "username" parameter of the Admin Login Page
CVSS Score
7.2
EPSS Score
0.001
Published
2024-08-28
CVE-2024-42790
A Reflected Cross Site Scripting (XSS) vulnerability was found in "/music/index.php?page=test" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via the "page" parameter.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-08-26
CVE-2024-42792
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=delete_playlist page.
CVSS Score
3.5
EPSS Score
0.0
Published
2024-08-26
CVE-2024-42788
A Stored Cross Site Scripting (XSS) vulnerability was found in "/music/ajax.php?action=save_music" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via "title" & "artist" parameter fields.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-08-26
CVE-2024-42791
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=delete_genre.
CVSS Score
8.8
EPSS Score
0.003
Published
2024-08-26
CVE-2024-42787
A Stored Cross Site Scripting (XSS) vulnerability was found in "/music/ajax.php?action=save_playlist" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via "title" & "description" parameter fields.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-08-26
CVE-2024-42789
A Reflected Cross Site Scripting (XSS) vulnerability was found in "/music/controller.php?page=test" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via the "page" parameter.
CVSS Score
6.3
EPSS Score
0.003
Published
2024-08-26
CVE-2024-42778
An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_playlist" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVSS Score
8.8
EPSS Score
0.004
Published
2024-08-21
CVE-2024-42779
An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_music" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVSS Score
8.8
EPSS Score
0.004
Published
2024-08-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved