PT-2024-30169 · Unknown · Kashipara Music Management System
Published: 2024-09-16 · Updated: 2024-09-20
CVE-2024-42796
CVSS v3.1: 5.9 (Medium)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Kashipara Music Management System version 1.0
Description
An Incorrect Access Control issue was found in the "/music/ajax.php?action=delete genre" API endpoint. This allows an unauthenticated attacker to delete valid music genre entries.
Recommendations
For Kashipara Music Management System version 1.0, consider restricting access to the "/music/ajax.php?action=delete genre" API endpoint until a patch is available. As a temporary workaround, disabling the delete genre functionality can help minimize the risk of exploitation.
Exploit
Fix
Improper Access Control
Weakness Enumeration
Related Identifiers
Affected Products
Kashipara Music Management System