Phpsugar: >> Php Melody Security Vulnerabilities
PHP Melody version 2.7.1 suffer from SQL Injection Time-based attack on the page ajax.php with the parameter playlist.
CVSS Score
9.8
EPSS Score
0.014
Published
2018-01-09
In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php.
CVSS Score
9.8
EPSS Score
0.073
Published
2017-10-24
In PHPSUGAR PHP Melody before 2.7.3, page_manager.php has XSS via the page_title parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-10-19
In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php.
CVSS Score
8.8
EPSS Score
0.002
Published
2017-10-18
In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php.
CVSS Score
9.8
EPSS Score
0.004
Published
2017-10-18