Lopalopa Music Management System

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Lopalopa Music Management System.

By the Year

In 2026 there have been 0 vulnerabilities in Lopalopa Music Management System. Music Management System did not have any published security vulnerabilities last year.

Year	Vulnerabilities	Average Score
2026	0	0.00
2025	0	0.00
2024	22	8.45

It may take a day or so for new Music Management System vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Lopalopa Music Management System Security Vulnerabilities

Kashipara Music Management v1.0 Unauth Delete Playlist via AJAX
CVE-2024-42797 - September 25, 2024

An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_playlist in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music playlist entries.

Incorrect Access Control in Kashipara v1.0 via ajax.php
CVE-2024-42794 - September 16, 2024

Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax.php?action=save_user.

Unauth Access to /music/view_user.php in Kashipara Music MS v1.0
CVE-2024-42795 - September 16, 2024

An Incorrect Access Control vulnerability was found in /music/view_user.php?id=3 and /music/controller.php?page=edit_user&id=3 in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to view valid user details.

Kashipara Music Mgmt Sys v1.0 Unauth Delete Genre via /music/ajax.php
CVE-2024-42796 - September 16, 2024

An Incorrect Access Control vulnerability was found in /music/ajax.php?action=delete_genre in Kashipara Music Management System v1.0. This vulnerability allows an unauthenticated attacker to delete the valid music genre entries.

Kash Music Sys v1.0: IC Vulnerability in /music/index.php allows admin takeover
CVE-2024-42798 - September 16, 2024

An Incorrect Access Control vulnerability was found in /music/index.php?page=user_list and /music/index.php?page=edit_user in Kashipara Music Management System v1.0. This allows a low privileged attacker to take over the administrator account.

Kashipara Music Management System v1.0 CSRF via /music/ajax.php?action=save_user
CVE-2024-42793 8 - High - August 28, 2024

A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=save_user page.

Session Riding

CSRF in Kashipara Music Manag. System v1.0 delete_playlist
CVE-2024-42792 3.5 - Low - August 26, 2024

A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=delete_playlist page.

Session Riding

Reflected XSS in Kashipara Music Management System v1.0 via 'page' param
CVE-2024-42790 5.4 - Medium - August 26, 2024

A Reflected Cross Site Scripting (XSS) vulnerability was found in "/music/index.php?page=test" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via the "page" parameter.

XSS

Stored XSS in Kashipara Music System v1.0 via /music/ajax.php
CVE-2024-42788 - August 26, 2024

A Stored Cross Site Scripting (XSS) vulnerability was found in "/music/ajax.php?action=save_music" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via "title" & "artist" parameter fields.

Kashipara Music Mgmt System 1.0 CSRF via delete_genre
CVE-2024-42791 - August 26, 2024

A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System v1.0 via /music/ajax.php?action=delete_genre.

Kashipara Music Mgt Sys v1.0 XSS via /music/ajax.php?action=save_playlist
CVE-2024-42787 - August 26, 2024

A Stored Cross Site Scripting (XSS) vulnerability was found in "/music/ajax.php?action=save_playlist" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via "title" & "description" parameter fields.

Kashipara Music Management System v1.0 XSS via controller.php?page
CVE-2024-42789 - August 26, 2024

A Reflected Cross Site Scripting (XSS) vulnerability was found in "/music/controller.php?page=test" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via the "page" parameter.

Kashipara Music Management 1.0 SQL Injection via pid in manage_playlist_items.php
CVE-2024-42783 9.8 - Critical - August 21, 2024

Kashipara Music Management System v1.0 is vulnerable to SQL Injection via /music/manage_playlist_items.php. An attacker can execute arbitrary SQL commands via the "pid" parameter.

SQL Injection

SQLi via id in Kashipara Music Mngmt Sys v1.0
CVE-2024-42784 9.8 - Critical - August 21, 2024

A SQL injection vulnerability in "/music/controller.php?page=view_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter.

SQL Injection

SQLi in Kashipara Music Mgt Sys v1.0 via /music/index.php?page=view_playlist
CVE-2024-42785 8.8 - High - August 21, 2024

A SQL injection vulnerability in /music/index.php?page=view_playlist in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter.

SQL Injection

Kashipara MMS v1.0 SQLi via /music/view_user.php id
CVE-2024-42786 8.8 - High - August 21, 2024

A SQL injection vulnerability in "/music/view_user.php" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "id" parameter of View User Profile Page.

SQL Injection

Unrestricted File Upload in Kashipara Music Management System v1.0
CVE-2024-42777 9.8 - Critical - August 21, 2024

An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=signup" of Kashipara Music Management System v1.0, which allows attackers to execute arbitrary code via uploading a crafted PHP file.

Unrestricted File Upload

Unrestricted File Upload in Kashipara Music Management System v1.0 (/ajax.php)
CVE-2024-42779 8.8 - High - August 21, 2024

An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_music" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file.

Unrestricted File Upload

Unrestricted File Upload in Kashipara v1.0 (ajax.php)
CVE-2024-42780 8.8 - High - August 21, 2024

An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_genre" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file.

Unrestricted File Upload

Kashipara Music Mgmt Sys v1.0 SQLi via /ajax.php login email
CVE-2024-42781 9.8 - Critical - August 21, 2024

A SQL injection vulnerability in "/music/ajax.php?action=login" of Kashipara Music Management System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the email parameter.

SQL Injection

Kashipara Music Management System v1.0 SQLi in ajax.php find_music
CVE-2024-42782 9.8 - Critical - August 21, 2024

A SQL injection vulnerability in "/music/ajax.php?action=find_music" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "search" parameter.

SQL Injection

Kashipara Music Management 1.0 Unrestricted File Upload via /music/ajax.php
CVE-2024-42778 8.8 - High - August 21, 2024

An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_playlist" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file.

Unrestricted File Upload

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Lopalopa Music Management System or by Lopalopa? Click the Watch button to subscribe.

Lopalopa
Vendor

Lopalopa Music Management System
Product

Lopalopa Music Management System

Don't miss out!

By the Year

Recent Lopalopa Music Management System Security Vulnerabilities

Kashipara Music Management v1.0 Unauth Delete Playlist via AJAX CVE-2024-42797 - September 25, 2024

Incorrect Access Control in Kashipara v1.0 via ajax.php CVE-2024-42794 - September 16, 2024

Unauth Access to /music/view_user.php in Kashipara Music MS v1.0 CVE-2024-42795 - September 16, 2024

Kashipara Music Mgmt Sys v1.0 Unauth Delete Genre via /music/ajax.php CVE-2024-42796 - September 16, 2024

Kash Music Sys v1.0: IC Vulnerability in /music/index.php allows admin takeover CVE-2024-42798 - September 16, 2024

Kashipara Music Management System v1.0 CSRF via /music/ajax.php?action=save_user CVE-2024-42793 8 - High - August 28, 2024

CSRF in Kashipara Music Manag. System v1.0 delete_playlist CVE-2024-42792 3.5 - Low - August 26, 2024

Reflected XSS in Kashipara Music Management System v1.0 via 'page' param CVE-2024-42790 5.4 - Medium - August 26, 2024

Stored XSS in Kashipara Music System v1.0 via /music/ajax.php CVE-2024-42788 - August 26, 2024

Kashipara Music Mgmt System 1.0 CSRF via delete_genre CVE-2024-42791 - August 26, 2024

Kashipara Music Mgt Sys v1.0 XSS via /music/ajax.php?action=save_playlist CVE-2024-42787 - August 26, 2024

Kashipara Music Management System v1.0 XSS via controller.php?page CVE-2024-42789 - August 26, 2024

Kashipara Music Management 1.0 SQL Injection via pid in manage_playlist_items.php CVE-2024-42783 9.8 - Critical - August 21, 2024

SQLi via id in Kashipara Music Mngmt Sys v1.0 CVE-2024-42784 9.8 - Critical - August 21, 2024

SQLi in Kashipara Music Mgt Sys v1.0 via /music/index.php?page=view_playlist CVE-2024-42785 8.8 - High - August 21, 2024

Kashipara MMS v1.0 SQLi via /music/view_user.php id CVE-2024-42786 8.8 - High - August 21, 2024

Unrestricted File Upload in Kashipara Music Management System v1.0 CVE-2024-42777 9.8 - Critical - August 21, 2024

Unrestricted File Upload in Kashipara Music Management System v1.0 (/ajax.php) CVE-2024-42779 8.8 - High - August 21, 2024

Unrestricted File Upload in Kashipara v1.0 (ajax.php) CVE-2024-42780 8.8 - High - August 21, 2024

Kashipara Music Mgmt Sys v1.0 SQLi via /ajax.php login email CVE-2024-42781 9.8 - Critical - August 21, 2024

Kashipara Music Management System v1.0 SQLi in ajax.php find_music CVE-2024-42782 9.8 - Critical - August 21, 2024

Kashipara Music Management 1.0 Unrestricted File Upload via /music/ajax.php CVE-2024-42778 8.8 - High - August 21, 2024

Stay on top of Security Vulnerabilities

Lopalopa Vendor

Lopalopa Music Management SystemProduct

Kashipara Music Management v1.0 Unauth Delete Playlist via AJAX
CVE-2024-42797 - September 25, 2024

Incorrect Access Control in Kashipara v1.0 via ajax.php
CVE-2024-42794 - September 16, 2024

Unauth Access to /music/view_user.php in Kashipara Music MS v1.0
CVE-2024-42795 - September 16, 2024

Kashipara Music Mgmt Sys v1.0 Unauth Delete Genre via /music/ajax.php
CVE-2024-42796 - September 16, 2024

Kash Music Sys v1.0: IC Vulnerability in /music/index.php allows admin takeover
CVE-2024-42798 - September 16, 2024

Kashipara Music Management System v1.0 CSRF via /music/ajax.php?action=save_user
CVE-2024-42793 8 - High - August 28, 2024

CSRF in Kashipara Music Manag. System v1.0 delete_playlist
CVE-2024-42792 3.5 - Low - August 26, 2024

Reflected XSS in Kashipara Music Management System v1.0 via 'page' param
CVE-2024-42790 5.4 - Medium - August 26, 2024

Stored XSS in Kashipara Music System v1.0 via /music/ajax.php
CVE-2024-42788 - August 26, 2024

Kashipara Music Mgmt System 1.0 CSRF via delete_genre
CVE-2024-42791 - August 26, 2024

Kashipara Music Mgt Sys v1.0 XSS via /music/ajax.php?action=save_playlist
CVE-2024-42787 - August 26, 2024

Kashipara Music Management System v1.0 XSS via controller.php?page
CVE-2024-42789 - August 26, 2024

Kashipara Music Management 1.0 SQL Injection via pid in manage_playlist_items.php
CVE-2024-42783 9.8 - Critical - August 21, 2024

SQLi via id in Kashipara Music Mngmt Sys v1.0
CVE-2024-42784 9.8 - Critical - August 21, 2024

SQLi in Kashipara Music Mgt Sys v1.0 via /music/index.php?page=view_playlist
CVE-2024-42785 8.8 - High - August 21, 2024

Kashipara MMS v1.0 SQLi via /music/view_user.php id
CVE-2024-42786 8.8 - High - August 21, 2024

Unrestricted File Upload in Kashipara Music Management System v1.0
CVE-2024-42777 9.8 - Critical - August 21, 2024

Unrestricted File Upload in Kashipara Music Management System v1.0 (/ajax.php)
CVE-2024-42779 8.8 - High - August 21, 2024

Unrestricted File Upload in Kashipara v1.0 (ajax.php)
CVE-2024-42780 8.8 - High - August 21, 2024

Kashipara Music Mgmt Sys v1.0 SQLi via /ajax.php login email
CVE-2024-42781 9.8 - Critical - August 21, 2024

Kashipara Music Management System v1.0 SQLi in ajax.php find_music
CVE-2024-42782 9.8 - Critical - August 21, 2024

Kashipara Music Management 1.0 Unrestricted File Upload via /music/ajax.php
CVE-2024-42778 8.8 - High - August 21, 2024

Lopalopa
Vendor

Lopalopa Music Management System
Product