PT-2024-30168 · Unknown · Kashipara Music Management System

Published: 2024-09-16 · Updated: 2024-09-20 · CVE-2024-42795

CVSS v3.1: 4.2 (Medium)

Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Kashipara Music Management System version 1.0

Description

An Incorrect Access Control vulnerability affects the /music/view user.php and /music/controller.php API endpoints when the id parameter is used. It allows an unauthenticated attacker to view valid user details.

Recommendations

For Kashipara Music Management System version 1.0, consider restricting access to the /music/view user.php and /music/controller.php API endpoints to prevent unauthorized exposure of user data. As a temporary workaround, limit the use of the id parameter in these endpoints until a proper fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2024-42795

Affected Products

Kashipara Music Management System