EUVD-2026-31421

The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the handleplaylistendpoint function hooked to templateredirect accepting a user-controlled playlist ID via the audioigniterplaylistid query var or the...

CVE-2026-8679 AudioIgniter Music Player <= 2.0.2 - Unauthenticated Insecure Direct Object Reference to 'audioigniter_playlist_id' Parameter

The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the handleplaylistendpoint function hooked to templateredirect accepting a user-controlled playlist ID via the audioigniterplaylistid query var or the...

CVE-2020-37173

AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. Attackers can retrieve sensitive user information including email, password hash, and administrative status by manipulating the...

PT-2025-37353

Name of the Vulnerable Software and Affected Versions: MiczFlor RPi-Jukebox-RFID versions up to 2.8.0 Description: A security flaw exists in MiczFlor RPi-Jukebox-RFID up to version 2.8.0. The issue is due to os command injection in an unknown function of the file /htdocs/api/playlist/single.php...

PT-2024-30170 · Unknown · Kashipara Music Management System

Name of the Vulnerable Software and Affected Versions: Kashipara Music Management System version 1.0 Description: An Incorrect Access Control issue was found in the "/music/ajax.php?action=delete playlist" endpoint. This issue allows an unauthenticated attacker to delete valid music playlist...

PT-2024-30165 · Unknown · Kashipara Music Management System

Name of the Vulnerable Software and Affected Versions: Kashipara Music Management System version 1.0 Description: A Cross-Site Request Forgery CSRF issue was found in the system via the "/music/ajax.php?action=delete playlist" page. This allows for unauthorized actions to be performed...

PT-2024-30159 · Unknown · Kashipara Music Management System

Name of the Vulnerable Software and Affected Versions: Kashipara Music Management System version 1.0 Description: A Stored Cross Site Scripting XSS issue was found in the "/music/ajax.php?action=save playlist" endpoint, allowing remote attackers to execute arbitrary code via the title and...

PT-2024-30149 · Unknown · Kashipara Music Management System

Name of the Vulnerable Software and Affected Versions: Kashipara Music Management System version 1.0 Description: An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save playlist" in Kashipara Music Management System. This allows attackers to execute arbitrary code via...

PT-2024-30155 · Unknown · Kashipara Music Management System

Name of the Vulnerable Software and Affected Versions: Kashipara Music Management System version 1.0 Description: The issue allows an attacker to execute arbitrary SQL commands via the pid parameter in the "/music/manage playlist items.php" API endpoint. This enables the attacker to manipulate th...

Kashipara Music Management System 安全漏洞

Kashipara Music Management System is a music management system from Kashipara. A file upload vulnerability exists in Kashipara Music Management System version 1.0, which stems from the lack of validation of uploaded files in /music/ajax.php?action=saveplaylist, and can be exploited by an attacker...

PT-2024-23679 · Derbynet · Derbynet

Name of the Vulnerable Software and Affected Versions: DerbyNet versions 9.0 and below Description: The issue allows attackers to execute arbitrary code via the back parameter in "playlist.php". This is a Cross Site Scripting vulnerability. Recommendations: For DerbyNet versions 9.0 and below,...