CVE-2017-15579
NONE EPSS 70.9%
Published Oct 18, 20178y ago · Modified Jun 17, 20262w ago
Published Oct 18, 2017 8y ago
Last Modified Jun 17, 2026 2w ago
Description
In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an aa_pages_per_page cookie in a playlist action to watch.php.
Threat Intelligence
EPSS Exploit Probability
70.9% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-89 SQL Injection Injection
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| phpsugar | php_melody | * | ≤2.7.2 |
References 2
- phpsugar.com http://www.phpsugar.com/blog/2017/10/php-melody-v2-7-3-maintenance-release/
- blogs.securiteam.com https://blogs.securiteam.com/index.php/archives/3464
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.