In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php.
9.8CVSS
9.8AI Score
0.009EPSS
In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php.
8.8CVSS
9.7AI Score
0.001EPSS
In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php.
9.8CVSS
9.8AI Score
0.002EPSS
In PHPSUGAR PHP Melody before 2.7.3, page_manager.php has XSS via the page_title parameter.
6.1CVSS
6AI Score
0.001EPSS
PHP Melody version 2.7.1 suffer from SQL Injection Time-based attack on the page ajax.php with the parameter playlist.
9.8CVSS
9.9AI Score
0.002EPSS