Lucene search
K

11 matches found

Cvelist
Cvelist
added 2026/05/29 4:51 p.m.38 views

CVE-2026-10108 xiaomusic 0.5.7 Path Traversal via GET /music endpoint

xiaomusic v0.5.7 contains an unauthenticated path traversal vulnerability in the GET /music/filepath:path endpoint that allows unauthenticated attackers to read arbitrary files outside the intended music directory by exploiting an incomplete path prefix check. Attackers can request files from...

8.7CVSS0.00513EPSS
Exploits0References4
CVE
CVE
added 2026/05/29 4:51 p.m.23 views

CVE-2026-10108

The CVE-2026-10108 entry concerns xiaomusic v0.5.7, with an unauthenticated path traversal vulnerability in GET /music/{file_path:path}. An attacker can read arbitrary files outside the music directory by exploiting an incomplete path prefix check and a missing trailing separator in the compariso...

8.7CVSS5.9AI score0.00513EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/29 4:51 p.m.9 views

CVE-2026-10108 xiaomusic 0.5.7 Path Traversal via GET /music endpoint

xiaomusic v0.5.7 contains an unauthenticated path traversal vulnerability in the GET /music/filepath:path endpoint that allows unauthenticated attackers to read arbitrary files outside the intended music directory by exploiting an incomplete path prefix check. Attackers can request files from...

8.7CVSS5.9AI score0.00513EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/10/11 4:32 p.m.13 views

CVE-2025-11607 harry0703 MoneyPrinterTurbo API Endpoint music.py upload_music path traversal

A weakness has been identified in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function uploadmusic of the file app/controllers/v1/music.py of the component API Endpoint. Executing a manipulation of the argument File can lead to path traversal. The attack may be performed...

6.5CVSS0.00418EPSS
Exploits0References4
OSV
OSV
added 2024/08/26 4:15 p.m.5 views

CVE-2024-42788

A Stored Cross Site Scripting XSS vulnerability was found in "/music/ajax.php?action=savemusic" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via "title" & "artist" parameter fields...

6.1CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/08/26 12:0 a.m.4 views

PT-2024-30160 · Unknown · Kashipara Music Management System

Name of the Vulnerable Software and Affected Versions: Kashipara Music Management System version 1.0 Description: A Stored Cross Site Scripting XSS issue was found in the "/music/ajax.php?action=save music" endpoint, allowing remote attackers to execute arbitrary code via the title and artist...

6.1CVSS6.6AI score0.00492EPSS
Exploits1References7
OSV
OSV
added 2024/08/21 6:15 p.m.2 views

CVE-2024-42782

A SQL injection vulnerability in "/music/ajax.php?action=findmusic" in Kashipara Music Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "search" parameter...

9.8CVSS6.1AI score0.00445EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/08/21 12:0 a.m.4 views

PT-2024-30157 · Unknown · Kashipara Music Management System

Name of the Vulnerable Software and Affected Versions: Kashipara Music Management System version 1.0 Description: A SQL injection vulnerability in the /music/index.php?page=view playlist endpoint allows an attacker to execute arbitrary SQL commands via the id parameter. This issue enables an...

8.8CVSS8.1AI score0.00498EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2024/08/21 12:0 a.m.6 views

PT-2024-30156 · Unknown · Kashipara Music Management System

Name of the Vulnerable Software and Affected Versions: Kashipara Music Management System version 1.0 Description: A SQL injection issue exists in the "/music/controller.php?page=view music" endpoint, allowing an attacker to execute arbitrary SQL commands via the id parameter. This enables attacke...

9.8CVSS8.2AI score0.00608EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2024/08/21 12:0 a.m.6 views

PT-2024-30154 · Unknown · Kashipara Music Management System

Name of the Vulnerable Software and Affected Versions: Kashipara Music Management System version 1.0 Description: A SQL injection issue in the "/music/ajax.php?action=find music" endpoint allows an attacker to execute arbitrary SQL commands via the search parameter. This enables the attacker to...

9.8CVSS8.2AI score0.00445EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2024/03/26 12:0 a.m.5 views

PT-2024-22851 · Unknown · Sourcecodester Music Gallery Site

Name of the Vulnerable Software and Affected Versions: SourceCodester Music Gallery Site version 1.0 Description: A critical vulnerability was found in the SourceCodester Music Gallery Site, affecting an unknown functionality of the file classes/Master.php?f=save music. This vulnerability leads t...

9.8CVSS7.3AI score0.01182EPSS
Exploits1References8
Rows per page
Query Builder