CVE-2024-42797

Name of the Vulnerable Software and Affected Versions Kashipara Music Management System version 1.0

Description An Incorrect Access Control issue was found in the "/music/ajax.php?action=delete playlist" endpoint. This issue allows an unauthenticated attacker to delete valid music playlist entries.

Recommendations For Kashipara Music Management System version 1.0, as a temporary workaround, consider restricting access to the "/music/ajax.php?action=delete playlist" endpoint until a patch is available. Additionally, limiting the functionality of the delete playlist action can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.