Phpsugar CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (8 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2021-47915	1 Phpsugar	1 Php Melody	2026-02-11	8.1 High
PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web application and database management system.
CVE-2021-47914	1 Phpsugar	1 Php Melody	2026-02-11	6.4 Medium
PHP Melody version 3.0 contains a persistent cross-site scripting vulnerability in the edit-video.php submitted parameter that allows remote attackers to inject malicious script code. Attackers can exploit this vulnerability to execute arbitrary JavaScript, potentially leading to session hijacking, persistent phishing, and manipulation of application modules.
CVE-2017-15578	1 Phpsugar	1 Php Melody	2025-04-20	N/A
In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php.
CVE-2017-15579	1 Phpsugar	1 Php Melody	2025-04-20	N/A
In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php.
CVE-2017-15648	1 Phpsugar	1 Php Melody	2025-04-20	N/A
In PHPSUGAR PHP Melody before 2.7.3, page_manager.php has XSS via the page_title parameter.
CVE-2017-15081	1 Phpsugar	1 Php Melody	2025-04-20	N/A
In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php.
CVE-2009-2895	1 Phpsugar	1 Ultimate Regnow Affiliate	2025-04-09	N/A
SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate (URA) 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2018-5211	1 Phpsugar	1 Php Melody	2024-11-21	N/A
PHP Melody version 2.7.1 suffer from SQL Injection Time-based attack on the page ajax.php with the parameter playlist.

Page 1 of 1.