cvebase

Phpsugar Php Melody vulnerabilities

9 known vulnerabilities affecting phpsugar/php_melody.

Total CVEs: 9
CISA KEV: 0
Public exploits: 4
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 2, MEDIUM 4

Vulnerabilities

CVE-2018-5211 | P3 | CRITICAL | CVSS 9.8 | PoC | v2.7.1 | 2018-01-09
CWE-89: PHP Melody version 2.7.1 suffers from a time-based SQL injection attack on the page ajax.php with the parameter playlist.
Source: nvd
CVE-2017-15081 | P3 | CRITICAL | CVSS 9.8 | PoC | v2.6.1 | 2017-10-24
CWE-89: In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php.
Source: nvd
CVE-2017-15579 | P3 | CRITICAL | CVSS 9.8 | PoC | ≤ 2.7.2 | 2017-10-18
CWE-89: In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php.
Source: nvd
CVE-2017-15578 | P3 | HIGH | CVSS 8.8 | PoC | ≤ 2.7.2 | 2017-10-18
CWE-89: In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php.
Source: nvd
CVE-2021-47915 | P3 | HIGH | CVSS 8.8 | v3.0 | 2026-02-01
CWE-89: PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web application and database management system.
Source: nvd
CVE-2021-47914 | P4 | MEDIUM | CVSS 5.4 | v3.0 | 2026-02-01
CWE-79: PHP Melody version 3.0 contains a persistent cross-site scripting vulnerability in the edit-video.php submitted parameter that allows remote attackers to inject malicious script code. Attackers can exploit this vulnerability to execute arbitrary JavaScript, potentially leading to session hijacking, persistent phishing, and manipulation of application
Source: nvd
CVE-2021-47912 | P4 | MEDIUM | CVSS 5.4 | v3.0 | 2026-02-01
CWE-79: PHP Melody version 3.0 contains multiple non-persistent cross-site scripting vulnerabilities in categories, import, and user import files. Attackers can inject malicious scripts through unvalidated parameters to execute client-side attacks and potentially hijack user sessions.
Source: nvd
CVE-2021-47913 | P4 | MEDIUM | CVSS 5.4 | v3.0 | 2026-02-01
CWE-79: PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation.
Source: nvd
CVE-2017-15648 | P4 | MEDIUM | CVSS 6.1 | ≤ 2.7.2 | 2017-10-19
CWE-79: In PHPSUGAR PHP Melody before 2.7.3, page_manager.php has XSS via the page_title parameter.
Source: nvd