Vendor
Phpsugar
Products
2
CVEs
5
Across products
5
Status
Private
Products
2- 4 CVEs
- 1 CVE
Recent CVEs
5| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-15081 | Cri | 0.67 | 9.8 | 0.07 | Oct 24, 2017 | In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php. | |
| CVE-2017-15579 | Cri | 0.67 | 9.8 | 0.00 | Oct 18, 2017 | In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php. | |
| CVE-2017-15578 | Hig | 0.60 | 8.8 | 0.00 | Oct 18, 2017 | In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php. | |
| CVE-2017-15648 | Med | 0.40 | 6.1 | 0.00 | Oct 19, 2017 | In PHPSUGAR PHP Melody before 2.7.3, page_manager.php has XSS via the page_title parameter. | |
| CVE-2009-2895 | 0.03 | — | 0.00 | Aug 20, 2009 | SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate (URA) 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. |