CVE-2017-15579 — CVSS 9.8 (critical): In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php.
CVE-2018-5211 — CVSS 9.8 (critical): PHP Melody version 2.7.1 suffer from SQL Injection Time-based attack on the page ajax.php with the parameter playlist.
CVE-2017-15578 — CVSS 8.8 (high): In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php.
CVE-2021-47915 — CVSS 8.1 (high): PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject…
CVE-2021-47912 — CVSS 6.4 (medium): PHP Melody version 3.0 contains multiple non-persistent cross-site scripting vulnerabilities in categories, import, and user import files…
CVE-2021-47913 — CVSS 6.4 (medium): PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject…
CVE-2021-47914 — CVSS 6.4 (medium): PHP Melody version 3.0 contains a persistent cross-site scripting vulnerability in the edit-video.php submitted parameter that allows…