CVE-2024-2930

A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file classes/Master.php?f=save_music. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258001 was assigned to this vulnerability.

CVSS v3 7.3 HIGH
CVSS v2.0 7.5 HIGH

7.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/xuanluansec/vul/blob/main/vul/Music%20Gallery%20Site%20using%20PHP%20and%20MySQL%20Database%20Free%20Source%20Code/Music%20Gallery%20Site%20using%20PHP%20and%20MySQL%20Database%20Free%20Source%20Code.md	Exploit Third Party Advisory
https://vuldb.com/?ctiid.258001	Permissions Required VDB Entry
https://vuldb.com/?id.258001	Third Party Advisory VDB Entry
https://vuldb.com/?submit.304234	Third Party Advisory VDB Entry
https://github.com/xuanluansec/vul/blob/main/vul/Music%20Gallery%20Site%20using%20PHP%20and%20MySQL%20Database%20Free%20Source%20Code/Music%20Gallery%20Site%20using%20PHP%20and%20MySQL%20Database%20Free%20Source%20Code.md	Exploit Third Party Advisory
https://vuldb.com/?ctiid.258001	Permissions Required VDB Entry
https://vuldb.com/?id.258001	Third Party Advisory VDB Entry
https://vuldb.com/?submit.304234	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:oretnom23:music_gallery_site:1.0:*:*:*:*:*:*:*

History

18 Feb 2025, 17:00

Type	Values Removed	Values Added
CPE		cpe:2.3:a:oretnom23:music_gallery_site:1.0:::::::*
First Time		Oretnom23 music Gallery Site Oretnom23
References	() https://github.com/xuanluansec/vul/blob/main/vul/Music%20Gallery%20Site%20using%20PHP%20and%20MySQL%20Database%20Free%20Source%20Code/Music%20Gallery%20Site%20using%20PHP%20and%20MySQL%20Database%20Free%20Source%20Code.md -	() https://github.com/xuanluansec/vul/blob/main/vul/Music%20Gallery%20Site%20using%20PHP%20and%20MySQL%20Database%20Free%20Source%20Code/Music%20Gallery%20Site%20using%20PHP%20and%20MySQL%20Database%20Free%20Source%20Code.md - Exploit, Third Party Advisory
References	~~() https://vuldb.com/?ctiid.258001 -~~	() https://vuldb.com/?ctiid.258001 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.258001 -~~	() https://vuldb.com/?id.258001 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.304234 -~~	() https://vuldb.com/?submit.304234 - Third Party Advisory, VDB Entry

21 Nov 2024, 09:10

Type	Values Removed	Values Added
References	() https://github.com/xuanluansec/vul/blob/main/vul/Music%20Gallery%20Site%20using%20PHP%20and%20MySQL%20Database%20Free%20Source%20Code/Music%20Gallery%20Site%20using%20PHP%20and%20MySQL%20Database%20Free%20Source%20Code.md -	() https://github.com/xuanluansec/vul/blob/main/vul/Music%20Gallery%20Site%20using%20PHP%20and%20MySQL%20Database%20Free%20Source%20Code/Music%20Gallery%20Site%20using%20PHP%20and%20MySQL%20Database%20Free%20Source%20Code.md -
References	~~() https://vuldb.com/?ctiid.258001 -~~	() https://vuldb.com/?ctiid.258001 -
References	~~() https://vuldb.com/?id.258001 -~~	() https://vuldb.com/?id.258001 -
References	~~() https://vuldb.com/?submit.304234 -~~	() https://vuldb.com/?submit.304234 -

27 Mar 2024, 12:29

Type	Values Removed	Values Added
Summary		(es) Se encontró una vulnerabilidad en SourceCodester Music Gallery Site 1.0. Ha sido declarada crítica. Una función desconocida del archivo classs/Master.php?f=save_music es afectada por esta vulnerabilidad. La manipulación conduce a una carga sin restricciones. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al público y puede utilizarse. A esta vulnerabilidad se le asignó el identificador VDB-258001.

27 Mar 2024, 00:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-27 00:15

Updated : 2025-02-18 17:00

NVD link : CVE-2024-2930

Mitre link : CVE-2024-2930

CVE.ORG link : CVE-2024-2930

JSON object : View

Products Affected

oretnom23

music_gallery_site

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

7.3 /10