VYPR
Vendor

Phpsugar

Products
2
CVEs
9
Across products
9
Status
Private

Products

2

Recent CVEs

9
  • CVE-2017-15081CriOct 24, 2017
    risk 0.67cvss 9.8epss 0.02

    In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php.

  • CVE-2017-15579CriOct 18, 2017
    risk 0.67cvss 9.8epss 0.01

    In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php.

  • CVE-2017-15578HigOct 18, 2017
    risk 0.60cvss 8.8epss 0.01

    In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php.

  • CVE-2017-15648MedOct 19, 2017
    risk 0.40cvss 6.1epss 0.01

    In PHPSUGAR PHP Melody before 2.7.3, page_manager.php has XSS via the page_title parameter.

  • CVE-2009-2895Aug 20, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate (URA) 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter.

  • CVE-2021-47915Feb 1, 2026
    risk 0.00cvss epss 0.01

    PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially…

  • CVE-2021-47914Feb 1, 2026
    risk 0.00cvss epss 0.00

    PHP Melody version 3.0 contains a persistent cross-site scripting vulnerability in the edit-video.php submitted parameter that allows remote attackers to inject malicious script code. Attackers can exploit this vulnerability to execute arbitrary JavaScript, potentially leading…

  • CVE-2021-47913Feb 1, 2026
    risk 0.00cvss epss 0.00

    PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application…

  • CVE-2021-47912Feb 1, 2026
    risk 0.00cvss epss 0.00

    PHP Melody version 3.0 contains multiple non-persistent cross-site scripting vulnerabilities in categories, import, and user import files. Attackers can inject malicious scripts through unvalidated parameters to execute client-side attacks and potentially hijack user sessions.