An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_playlist" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading a crafted PHP file.
https://www.kashipara.com/project/php/12978/music-management-system-in-php-php-project-source-code