Vulnerability Name: PHP Melody 3.0 SQL Injection Vulnerability via Edit Video Parameter Severity: High Date: 2022-01-21 Description: - PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module. - Authenticated attackers can inject malicious SQL commands using the unvalidated 'vid' parameter. - This can lead to arbitrary database queries and compromise the web application and database management system. CVSS Scores: - CVSS V3 Vector: 3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N - CVSS V4 Vector: 4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N References: - Vulnerability Lab Advisory (link 1) - Vulnerability Lab Advisory (link 2) - Product Homepage Credit: Vulnerability-Lab [Research Team]