GCVE - cpe:2.3:a:kashipara:music_management_system:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:kashipara:music_management_system:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Kashipara (`6b7db86c-2a94-5a2d-adbe-6158c7191f84`)
Product	Music Management System (`aae55105-2f20-5f62-a880-70441b2833e6`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-42798`	vulnerable	2026-06-03 14:56:42.991230	Details available An Incorrect Access Control vulnerability was found in /music/index.php?page=user_list and /music/index.php?page=edit_user in Kashipara Music Management System v1.0. This allows a low privileged attacker to take over the administrator account. Published: 2024-09-16T00:00:00.000Z Updated: 2024-09-18T15:41:30.912Z Open on db.gcve.eu Reference links https://www.kashipara.com/ https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20Priv%20Esc%20-%20Save%20Edit%20User%20-%20AC%20Takeover.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-42796`	vulnerable	2026-06-03 14:56:42.990380	Details available An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_genre in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music genre entries. Published: 2024-09-16T00:00:00.000Z Updated: 2024-09-18T15:46:11.442Z Open on db.gcve.eu Reference links https://www.kashipara.com/project/php/12978/music-management-system-in-php-php-project-source-code https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20Delete%20Genre.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-42795`	vulnerable	2026-06-03 14:56:42.990029	Details available An Incorrect Access Control vulnerability was found in /music/view_user.php?id=3 and /music/controller.php?page=edit_user&id=3 in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to view valid user details. Published: 2024-09-16T00:00:00.000Z Updated: 2024-09-18T15:48:48.580Z Open on db.gcve.eu Reference links https://www.kashipara.com/ https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20View%20User.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-42794`	vulnerable	2026-06-03 14:56:42.989674	Details available Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax.php?action=save_user. Published: 2024-09-16T00:00:00.000Z Updated: 2024-09-18T18:32:13.603Z Open on db.gcve.eu Reference links https://www.kashipara.com/project/php/12978/music-management-system-in-php-php-project-source-code https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Broken%20Access%20Control%20-%20Save%20User%20%26%20Account%20Takeover.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-42793`	vulnerable	2026-06-03 14:56:42.989323	Details available A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=save_user page. Published: 2024-08-28T00:00:00.000Z Updated: 2024-08-28T20:01:46.176Z Open on db.gcve.eu Reference links https://www.kashipara.com/project/php/12978/music-management-system-in-php-php-project-source-code https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/CSRF%20-%20Edit%20User.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-42786`	vulnerable	2026-06-03 14:56:42.986664	Details available A SQL injection vulnerability in "/music/view_user.php" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter of View User Profile Page. Published: 2024-08-21T00:00:00.000Z Updated: 2024-08-21T20:32:26.291Z Open on db.gcve.eu Reference links https://www.kashipara.com/project/php/12978/music-management-system-in-php-php-project-source-code https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/SQL%20Injection%20-%20View%20Profile.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-42785`	vulnerable	2026-06-03 14:56:42.986168	Details available A SQL injection vulnerability in /music/index.php?page=view_playlist in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter. Published: 2024-08-21T00:00:00.000Z Updated: 2024-08-22T15:04:42.887Z Open on db.gcve.eu Reference links https://www.kashipara.com/project/php/12978/music-management-system-in-php-php-project-source-code https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/SQL%20Injection%20-%20View%20Playlist.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-42784`	vulnerable	2026-06-03 14:56:42.985646	Details available A SQL injection vulnerability in "/music/controller.php?page=view_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter. Published: 2024-08-21T00:00:00.000Z Updated: 2024-08-22T13:45:31.119Z Open on db.gcve.eu Reference links https://www.kashipara.com/project/php/12978/music-management-system-in-php-php-project-source-code https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/SQL%20Injection%20-%20View%20Music%20List.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-42782`	vulnerable	2026-06-03 14:56:42.984847	Details available A SQL injection vulnerability in "/music/ajax.php?action=find_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "search" parameter. Published: 2024-08-21T00:00:00.000Z Updated: 2024-08-22T15:02:29.648Z Open on db.gcve.eu Reference links https://www.kashipara.com/project/php/12978/music-management-system-in-php-php-project-source-code https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/SQL%20Injection%20-%20Find%20Music.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-42779`	vulnerable	2026-06-03 14:56:42.982049	Details available An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_music" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file. Published: 2024-08-21T00:00:00.000Z Updated: 2024-08-22T13:44:14.641Z Open on db.gcve.eu Reference links https://www.kashipara.com/project/php/12978/music-management-system-in-php-php-project-source-code https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Unrestricted%20File%20Upload%20-%20Add%20New%20Music%20List.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-42777`	vulnerable	2026-06-03 14:56:42.980127	Details available An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=signup" of Kashipara Music Management System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file. Published: 2024-08-21T00:00:00.000Z Updated: 2024-08-21T20:18:22.452Z Open on db.gcve.eu Reference links https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/Unrestricted%20File%20Upload%20-%20SignUp.pdf	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.