Phpsugar: >> Php Melody >> 1.6.5 Security Vulnerabilities
In PHPSUGAR PHP Melody before 2.7.3, page_manager.php has XSS via the page_title parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-10-19
In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php.
CVSS Score
8.8
EPSS Score
0.002
Published
2017-10-18
In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php.
CVSS Score
9.8
EPSS Score
0.004
Published
2017-10-18