CVE-2024-42779

Name of the Vulnerable Software and Affected Versions Kashipara Music Management System version 1.0

Description An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save music" in Kashipara Music Management System. This allows attackers to execute arbitrary code via uploading a crafted PHP file.

Recommendations For Kashipara Music Management System version 1.0, consider disabling the "/music/ajax.php?action=save music" endpoint until a patch is available to prevent arbitrary code execution via crafted PHP file uploads. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using this endpoint for file uploads until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.