Unrated severityNVD Advisory· Published Feb 1, 2026· Updated Mar 5, 2026
PHP Melody 3.0 SQL Injection Vulnerability via Edit Video Parameter
CVE-2021-47915
Description
PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web application and database management system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2= 3.0+ 1 more
- (no CPE)range: = 3.0
- (no CPE)range: 3.0
Patches
Vulnerability mechanics
References
4- www.phpsugar.com/blog/2021/09/php-melody-3-0-vulnerability-report-fix/mitrepatch
- www.vulnerability-lab.com/get_content.phpmitreexploit
- www.vulncheck.com/advisories/php-melody-sql-injection-vulnerability-via-edit-video-parametermitrethird-party-advisory
- www.phpsugar.com/phpmelody.htmlmitreproduct
News mentions
0No linked articles in our index yet.