CVE-2024-42791

Name of the Vulnerable Software and Affected Versions Kashipara Music Management System version 1.0

Description A Cross-Site Request Forgery (CSRF) vulnerability was found in the Kashipara Music Management System via the /music/ajax.php endpoint, specifically with the action=delete genre parameter. This issue allows for unauthorized actions to be performed on the system. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations For Kashipara Music Management System version 1.0, as a temporary workaround, consider disabling the /music/ajax.php endpoint or restricting access to it until a patch is available. Avoid using the action=delete genre parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.