Php Melody

php_melody

Vendor: Phpsugar • 9 CVEs

CVEs (9)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-47915 1Phpsugar 1Php Melody Feb 11, 2026 Feb 1, 2026 8.6 HIGH· v4 8.8 HIGH· v3 N/A· v2 PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to...Show more PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web application and database management system.Show less
CVE-2021-47914 1Phpsugar 1Php Melody Feb 11, 2026 Feb 1, 2026 5.1 MEDIUM· v4 5.4 MEDIUM· v3 N/A· v2 PHP Melody version 3.0 contains a persistent cross-site scripting vulnerability in the edit-video.php submitted parameter that allows remote attackers to inject malicious script code. Attackers can exploit this vulnerabi...Show more PHP Melody version 3.0 contains a persistent cross-site scripting vulnerability in the edit-video.php submitted parameter that allows remote attackers to inject malicious script code. Attackers can exploit this vulnerability to execute arbitrary JavaScript, potentially leading to session hijacking, persistent phishing, and manipulation of application modules.Show less
CVE-2021-47913 1Phpsugar 1Php Melody Feb 11, 2026 Feb 1, 2026 5.1 MEDIUM· v4 5.4 MEDIUM· v3 N/A· v2 PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts...Show more PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation.Show less
CVE-2021-47912 1Phpsugar 1Php Melody Feb 12, 2026 Feb 1, 2026 5.1 MEDIUM· v4 5.4 MEDIUM· v3 N/A· v2 PHP Melody version 3.0 contains multiple non-persistent cross-site scripting vulnerabilities in categories, import, and user import files. Attackers can inject malicious scripts through unvalidated parameters to execute...Show more PHP Melody version 3.0 contains multiple non-persistent cross-site scripting vulnerabilities in categories, import, and user import files. Attackers can inject malicious scripts through unvalidated parameters to execute client-side attacks and potentially hijack user sessions.Show less
CVE-2018-5211 1Phpsugar 1Php Melody Nov 21, 2024 Jan 9, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 PHP Melody version 2.7.1 suffer from SQL Injection Time-based attack on the page ajax.php with the parameter playlist.
CVE-2017-15081 1Phpsugar 1Php Melody May 13, 2026 Oct 24, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php.
CVE-2017-15648 1Phpsugar 1Php Melody May 13, 2026 Oct 19, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In PHPSUGAR PHP Melody before 2.7.3, page_manager.php has XSS via the page_title parameter.
CVE-2017-15579 1Phpsugar 1Php Melody May 13, 2026 Oct 18, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php.
CVE-2017-15578 1Phpsugar 1Php Melody May 13, 2026 Oct 18, 2017 N/A· v4 8.8 HIGH· v3 6.0 MEDIUM· v2 In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php.