CVE-2024-42780

Name of the Vulnerable Software and Affected Versions Kashipara Music Management System version 1.0

Description An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save genre" in Kashipara Music Management System. This allows attackers to execute arbitrary code via uploading a crafted PHP file. The action parameter in the /music/ajax.php endpoint is vulnerable, specifically when set to save genre.

Recommendations For Kashipara Music Management System version 1.0, as a temporary workaround, consider disabling the /music/ajax.php?action=save genre endpoint until a patch is available. Restrict access to the /music/ajax.php endpoint to minimize the risk of exploitation. Avoid using the action parameter set to save genre in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.