CVE-2024-42778

Name of the Vulnerable Software and Affected Versions Kashipara Music Management System version 1.0

Description An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save playlist" in Kashipara Music Management System. This allows attackers to execute arbitrary code via uploading a crafted PHP file.

Recommendations For Kashipara Music Management System version 1.0, as a temporary workaround, consider disabling the "/music/ajax.php?action=save playlist" endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.