← Volver a CVEs
CVE-2021-47915
HIGH8.1
Descripcion
PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web application and database management system.
Detalles CVE
Puntuacion CVSS v3.18.1
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado2/1/2026
Ultima modificacion2/11/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
phpsugar:php_melody
Debilidades (CWE)
CWE-89
Referencias
https://www.phpsugar.com/blog/2021/09/php-melody-3-0-vulnerability-report-fix/(disclosure@vulncheck.com)
https://www.phpsugar.com/phpmelody.html(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/php-melody-sql-injection-vulnerability-via-edit-video-parameter(disclosure@vulncheck.com)
https://www.vulnerability-lab.com/get_content.php?id=2295(disclosure@vulncheck.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.