CVE-2021-47915

HIGH

PHP Melody 3.0 - Authenticated SQL Injection via Video Edit Module 'vid' Parameter

Title source: llm
STIX 2.1

Description

PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web application and database management system.

Scores

CVSS v3 8.1
EPSS 0.0053
EPSS Percentile 40.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
phpsugar/php_melody 3.0
Published Feb 01, 2026
Tracked Since Feb 18, 2026