CVE-2024-42798

HIGH Year: 2024
CVSS v3 Score
7.6
High
Weakness Type
CWE-269
View all →

Vulnerability Description

An Incorrect Access Control vulnerability was found in /music/index.php?page=user_list and /music/index.php?page=edit_user in Kashipara Music Management System v1.0. This allows a low privileged attacker to take over the administrator account.

Related Vulnerabilities

CVE-2017-7922

HIGH
CVSS:7.6(High)

An Improper Privilege Management issue was discovered in Cambium Networks ePMP. The privileges for SNMP community strings are not properly restricted, which may allow an attacker to gain access to sen...

CWE-2692017

CVE-2020-11466

HIGH
CVSS:7.6(High)

An issue was discovered in Deskpro before 2019.8.0. The /api/tickets endpoint failed to properly validate a user's privilege, allowing an attacker to retrieve arbitrary information about all helpdesk ...

CWE-2692020

CVE-2020-7467

HIGH
CVSS:7.6(High)

In FreeBSD 12.2-STABLE before r365767, 11.4-STABLE before r365769, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a number of AMD virtualization instructions operate on ho...

CWE-2692020

CVE-2021-28702

HIGH
CVSS:7.6(High)

PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). These are typically ...

CWE-2692021

CVE-2023-23990

HIGH
CVSS:7.6(High)

Improper Privilege Management vulnerability in Qube One Ltd. Redirection for Contact Form 7 wpcf7-redirect allows Privilege Escalation.This issue affects Redirection for Contact Form 7: from n/a throu...

CWE-2692023

CVE-2024-12511

HIGH
CVSS:7.6(High)

With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access.

CWE-2692024