Phpsugar · Php Melody Cms · CVE-2017-15081
**Name of the Vulnerable Software and Affected Versions**
PHPSUGAR PHP Melody CMS version 2.6.1
**Description**
SQL Injection exists in the system, allowing unauthorized access to database information. The issue is specifically related to the `playlist` parameter in the "playlists.php" endpoint.
**Recommendations**
For PHPSUGAR PHP Melody CMS version 2.6.1, consider restricting access to the "playlists.php" endpoint until a patch is available, and avoid using the `playlist` parameter to minimize the risk of exploitation.