Browse all 4 CVE security advisories affecting PHPSUGAR. AI-powered Chinese analysis, POCs, and references for each vulnerability.
PHPSUGAR is a PHP-based web application framework primarily used for rapid development of custom business solutions and content management systems. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues due to insufficient input validation and insecure authentication mechanisms. The application's four recorded CVEs highlight recurring patterns in insecure file handling and inadequate access controls. While no major public security incidents have been documented, the consistent discovery of critical vulnerabilities in its codebase suggests ongoing challenges in secure development practices, requiring administrators to implement strict input filtering and apply security patches promptly.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-47915 | PHP Melody 3.0 SQL Injection Vulnerability via Edit Video Parameter — PHP MelodyCWE-89 | 8.1 | High | 2026-02-01 |
| CVE-2021-47914 | PHP Melody 3.0 Persistent XSS Vulnerability via Edit Video Parameter — PHP MelodyCWE-79 | 6.4 | Medium | 2026-02-01 |
| CVE-2021-47913 | PHP Melody 3.0 Persistent Cross-Site Scripting via Video Editor — PHP MelodyCWE-79 | 6.4 | Medium | 2026-02-01 |
| CVE-2021-47912 | PHP Melody 3.0 Non-Persistent Cross-Site Scripting via Multiple Parameters — PHP MelodyCWE-79 | 6.4 | Medium | 2026-02-01 |
This page lists every published CVE security advisory associated with PHPSUGAR. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.