CNNVD-202602-035 Information
CNNVD ID
CNNVD-202602-035
Related CVE
- CNNVD Published: 2026-02-01
Description (Chinese)
PHPSUGAR PHP Melody是PHPSUGAR公司的一个内容管理系统。 PHPSUGAR PHP Melody 3.0版本存在SQL注入漏洞,该漏洞源于视频编辑模块参数vid存在远程SQL注入漏洞,可能导致经过身份验证的攻击者注入恶意SQL命令。
Description (English)
PHPSUGAR PHP Melody is a content management system for PHPSUGAR. Version 3.0 of PHPSUGAR PHP Melody contains an injection loophole in SQL, which stems from the remote SQL injection gap in the video editing module parameter vid, which may result in the introduction of malicious SQL orders by an identified assailant.
Hazard Level
Medium
Vulnerability Type
SQL注入
Affected Vendor
PHPSUGAR
Published
2026-02-01
Last Modified
2026-02-24
References
https://www.phpsugar.com/blog/2021/09/php-melody-3-0-vulnerability-report-fix/ https://www.phpsugar.com/phpmelody.html https://www.vulncheck.com/advisories/php-melody-sql-injection-vulnerability-via-edit-video-parameter https://www.vulnerability-lab.com/get_content.php?id=2295
Patch
https://www.phpsugar.com/blog/2021/09/php-melody-3-0-vulnerability-report-fix/
Share on: