Vulnerabilities > Phpsugar > PHP Melody > 2.6.1

DATE CVE VULNERABILITY TITLE RISK
2017-10-24 CVE-2017-15081 SQL Injection vulnerability in PHPsugar PHP Melody 2.6.1
In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php.
network
low complexity
phpsugar CWE-89
critical
 9.8
9.8
2017-10-19 CVE-2017-15648 Cross-site Scripting vulnerability in PHPsugar PHP Melody
In PHPSUGAR PHP Melody before 2.7.3, page_manager.php has XSS via the page_title parameter.
network
low complexity
phpsugar CWE-79
6.1
6.1
2017-10-18 CVE-2017-15579 SQL Injection vulnerability in PHPsugar PHP Melody
In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php.
network
low complexity
phpsugar CWE-89
critical
 9.8
9.8
2017-10-18 CVE-2017-15578 SQL Injection vulnerability in PHPsugar PHP Melody
In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php.
network
low complexity
phpsugar CWE-89
8.8
8.8