Phpsugar: Security Vulnerabilities
PHP Melody version 2.7.1 suffer from SQL Injection Time-based attack on the page ajax.php with the parameter playlist.
CVSS Score
9.8
EPSS Score
0.014
Published
2018-01-09
In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php.
CVSS Score
9.8
EPSS Score
0.073
Published
2017-10-24
In PHPSUGAR PHP Melody before 2.7.3, page_manager.php has XSS via the page_title parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-10-19
In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php.
CVSS Score
8.8
EPSS Score
0.002
Published
2017-10-18
In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php.
CVSS Score
9.8
EPSS Score
0.004
Published
2017-10-18
SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate (URA) 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVSS Score
7.5
EPSS Score
0.001
Published
2009-08-20