Lopalopa: >> Music Management System >> 1.0 Security Vulnerabilities
An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music playlist entries.
CVSS Score
9.8
EPSS Score
0.007
Published
2024-09-25
Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax.php?action=save_user.
CVSS Score
4.7
EPSS Score
0.001
Published
2024-09-16
An Incorrect Access Control vulnerability was found in /music/view_user.php?id=3 and /music/controller.php?page=edit_user&id=3 in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to view valid user details.
CVSS Score
4.2
EPSS Score
0.0
Published
2024-09-16
An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_genre in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music genre entries.
CVSS Score
5.9
EPSS Score
0.0
Published
2024-09-16
An Incorrect Access Control vulnerability was found in /music/index.php?page=user_list and /music/index.php?page=edit_user in Kashipara Music Management System v1.0. This allows a low privileged attacker to take over the administrator account.
CVSS Score
7.6
EPSS Score
0.001
Published
2024-09-16
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=save_user page.
CVSS Score
8.0
EPSS Score
0.001
Published
2024-08-28
A Reflected Cross Site Scripting (XSS) vulnerability was found in "/music/index.php?page=test" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via the "page" parameter.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-08-26
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=delete_playlist page.
CVSS Score
3.5
EPSS Score
0.0
Published
2024-08-26
A Stored Cross Site Scripting (XSS) vulnerability was found in "/music/ajax.php?action=save_music" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via "title" & "artist" parameter fields.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-08-26
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=delete_genre.
CVSS Score
8.8
EPSS Score
0.003
Published
2024-08-26
Page 1