PHP Melody
by Phpsugar
CVEs (4)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-15081 | Cri | 0.67 | 9.8 | 0.07 | Oct 24, 2017 | In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php. | |
| CVE-2017-15579 | Cri | 0.67 | 9.8 | 0.00 | Oct 18, 2017 | In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php. | |
| CVE-2017-15578 | Hig | 0.60 | 8.8 | 0.00 | Oct 18, 2017 | In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php. | |
| CVE-2017-15648 | Med | 0.40 | 6.1 | 0.00 | Oct 19, 2017 | In PHPSUGAR PHP Melody before 2.7.3, page_manager.php has XSS via the page_title parameter. |