← Back to CVEs
CVE-2021-47915
HIGH8.1
Description
PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web application and database management system.
CVE Details
CVSS v3.1 Score8.1
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published2/1/2026
Last Modified2/11/2026
Sourcenvd
Honeypot Sightings0
Affected Products
phpsugar:php_melody
Weaknesses (CWE)
CWE-89
References
https://www.phpsugar.com/blog/2021/09/php-melody-3-0-vulnerability-report-fix/(disclosure@vulncheck.com)
https://www.phpsugar.com/phpmelody.html(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/php-melody-sql-injection-vulnerability-via-edit-video-parameter(disclosure@vulncheck.com)
https://www.vulnerability-lab.com/get_content.php?id=2295(disclosure@vulncheck.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.