A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=delete_playlist page.
References
Configurations
History
05 Sep 2024, 18:35
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:lopalopa:music_management_system:1.0:*:*:*:*:*:*:* | |
| References | () https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Music%20Management%20System%20v1.0/CSRF%20-%20Delete%20Playlist.pdf - Exploit, Third Party Advisory | |
| References | () https://www.kashipara.com/project/php/12978/music-management-system-in-php-php-project-source-code - Product | |
| Summary |
|
|
| First Time |
Lopalopa music Management System
Lopalopa |
26 Aug 2024, 18:35
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 3.5 |
| CWE | CWE-352 |
26 Aug 2024, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-08-26 17:15
Updated : 2024-09-05 18:35
NVD link : CVE-2024-42792
Mitre link : CVE-2024-42792
CVE.ORG link : CVE-2024-42792
JSON object : View
Products Affected
lopalopa
- music_management_system
CWE
CWE-352
Cross-Site Request Forgery (CSRF)