Vulnerabilities (CVE)

Filtered by vendor Phpsugar Subscribe

Filtered by product Php Melody

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2018-5211	1 Phpsugar	1 Php Melody	2018-01-31	7.5 HIGH	9.8 CRITICAL
PHP Melody version 2.7.1 suffer from SQL Injection Time-based attack on the page ajax.php with the parameter playlist.
CVE-2017-15081	1 Phpsugar	1 Php Melody	2017-11-14	7.5 HIGH	9.8 CRITICAL
In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php.
CVE-2017-15579	1 Phpsugar	1 Php Melody	2017-11-08	7.5 HIGH	9.8 CRITICAL
In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php.