An Incorrect Access Control vulnerability was found in /music/index.php?page=user_list and /music/index.php?page=edit_user in Kashipara Music Management System v1.0. This allows a low privileged attacker to take over the administrator account.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.