phpsugar 漏洞与 CVE 列表(10)

产品(CPE): — CVE 数: 10

phpsugar 漏洞概览

汇总 phpsugar 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。

历史漏洞主要涉及 SQL 注入与跨站脚本 等问题,部分漏洞可能导致 会话劫持,并影响 生产负载与软件部署 相关场景。

相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。

漏洞分布趋势(近 24 个月)

显示 11010 CVE 数
«« 第一页 « 上一页 第 1 / 1 页 下一页 »
CVE 摘要 来源 最高 CVSS EPSS % 公开时间 更新时间
CVE-2021-47915 PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web application and database management system. [email protected] 8.6 0.53% 2026-02-01 2026-06-17
CVE-2021-47914 PHP Melody version 3.0 contains a persistent cross-site scripting vulnerability in the edit-video.php submitted parameter that allows remote attackers to inject malicious script code. Attackers can exploit this vulnerability to execute arbitrary JavaScript, potentially leading to session hijacking, persistent phishing, and manipulation of application modules. [email protected] 5.1 0.30% 2026-02-01 2026-06-17
CVE-2021-47913 PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation. [email protected] 5.1 0.22% 2026-02-01 2026-06-17
CVE-2021-47912 PHP Melody version 3.0 contains multiple non-persistent cross-site scripting vulnerabilities in categories, import, and user import files. Attackers can inject malicious scripts through unvalidated parameters to execute client-side attacks and potentially hijack user sessions. [email protected] 5.1 0.22% 2026-02-01 2026-06-17
CVE-2018-5211 PHP Melody version 2.7.1 suffer from SQL Injection Time-based attack on the page ajax.php with the parameter playlist. [email protected] 9.8 1.93% 2018-01-09 2026-06-16
CVE-2017-15081 In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php. [email protected] 9.8 2.41% 2017-10-24 2026-06-16
CVE-2017-15648 In PHPSUGAR PHP Melody before 2.7.3, page_manager.php has XSS via the page_title parameter. [email protected] 6.1 0.66% 2017-10-19 2026-06-16
CVE-2017-15579 In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php. [email protected] 9.8 1.49% 2017-10-17 2026-06-16
CVE-2017-15578 In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php. [email protected] 8.8 1.34% 2017-10-17 2026-06-16
CVE-2009-2895 SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate (URA) 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. [email protected] 7.5 0.92% 2009-08-20 2026-06-16
«« 第一页 « 上一页 第 1 / 1 页 下一页 »
cvelogic Threat Intelligence