CVE-2024-42785

Name of the Vulnerable Software and Affected Versions Kashipara Music Management System version 1.0

Description A SQL injection vulnerability in the /music/index.php?page=view playlist endpoint allows an attacker to execute arbitrary SQL commands via the id parameter. This issue enables an attacker to potentially access or manipulate sensitive data within the database.

Recommendations For Kashipara Music Management System version 1.0, consider disabling the id parameter in the /music/index.php?page=view playlist endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.