Vulnerabilities > Lopalopa > Music Management System > High

DATE CVE VULNERABILITY TITLE RISK
2024-08-28 CVE-2024-42793 Cross-Site Request Forgery (CSRF) vulnerability in Lopalopa Music Management System 1.0
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=save_user page.
network
low complexity
lopalopa CWE-352
8.0
8.0
2024-08-21 CVE-2024-42778 Unrestricted Upload of File with Dangerous Type vulnerability in Lopalopa Music Management System 1.0
An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_playlist" in Kashipara Music Management System v1.0.
network
low complexity
lopalopa CWE-434
8.8
8.8
2024-08-21 CVE-2024-42779 Unrestricted Upload of File with Dangerous Type vulnerability in Lopalopa Music Management System 1.0
An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_music" in Kashipara Music Management System v1.0.
network
low complexity
lopalopa CWE-434
8.8
8.8
2024-08-21 CVE-2024-42780 Unrestricted Upload of File with Dangerous Type vulnerability in Lopalopa Music Management System 1.0
An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_genre" in Kashipara Music Management System v1.0.
network
low complexity
lopalopa CWE-434
8.8
8.8
2024-08-21 CVE-2024-42785 SQL Injection vulnerability in Lopalopa Music Management System 1.0
A SQL injection vulnerability in /music/index.php?page=view_playlist in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter.
network
low complexity
lopalopa CWE-89
8.8
8.8
2024-08-21 CVE-2024-42786 SQL Injection vulnerability in Lopalopa Music Management System 1.0
A SQL injection vulnerability in "/music/view_user.php" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter of View User Profile Page.
network
low complexity
lopalopa CWE-89
8.8
8.8