9 matches found
CVE-2017-15579
PHPSUGAR PHP Melody pre-2.7.3 contains a SQL Injection in the watch.php playlist action via the aa_pages_per_page cookie. The root cause is improper handling of the aa_pages_per_page value, enabling arbitrary SQL execution. Impact is high (full database access potential) and is limited to version...
CVE-2017-15578
PHPSUGAR PHP Melody (pre-2.7.3) is affected by a SQL Injection in admin/edit_category.php via the image parameter. The CVE-2017-15578 entry is supported by multiple sources (CNVD/CVELIST/NVD) stating that versions prior to 2.7.3 are vulnerable and that exploitation can inject SQL data. The vulner...
CVE-2017-15081
CVE-2017-15081: In PHPSUGAR PHP Melody CMS 2.6.1, there is a SQL Injection in the playlist parameter of playlists.php. The vulnerability is demonstrated in public exploit listings (e.g., payloads showing UNION-based injections) and CNVD/CVE records describe that an attacker can inject SQL to acc...
CVE-2017-15648
CVE-2017-15648: In PHPSUGAR PHP Melody before 2.7.3, the file page_manager.php is vulnerable to XSS via the page_title parameter. Affected software: PHPSUGAR PHP Melody versions preceding 2.7.3. Root cause: improper handling/escaping of user-supplied input in page_title leading to script inject...
CVE-2018-5211
Consolidated details show CVE-2018-5211 affecting PHP Melody 2.7.1 with a SQL Injection vulnerability in ajax.php (playlist parameter). The issue is described with high/critical severity (NVD CVSS2 base 7.5, CVSS3 base 9.8). Multiple sources (NVD, CNVD/CVE lists, PRION, CVELIST) corroborate a tim...
CVE-2021-47913
CVE-2021-47913 affects PHP Melody 3.0. A persistent cross-site scripting vulnerability exists in the video editor’s WYSIWYG—privileged users can inject malicious scripts, potentially enabling session hijacking and application manipulation. The connected sources describe the flaw consistently but ...
CVE-2021-47915
Summary: CVE-2021-47915 affects PHP Melody 3.0, where the video edit module accepts an unvalidated vid parameter, enabling authenticated users to perform a remote SQL injection. This can lead to arbitrary database queries and potential compromise of the web app and its database management system....
CVE-2021-47912
PHP Melody 3.0 is affected by multiple non-persistent cross-site scripting (XSS) vulnerabilities in the categories, import, and user import components. The root cause is unvalidated/unfiltered parameters leading to client-side script execution and potential hijacking of user sessions. CVSS detail...
CVE-2021-47914
PHP Melody 3.0 is affected by a persistent cross-site scripting (XSS) vulnerability in the edit-video.php submitted parameter. The root cause is a flaw in handling the parameter, allowing an attacker to inject malicious script code that can be executed in a victim’s browser. Reported impacts incl...