CVE-2021-47915

Name of the Vulnerable Software and Affected Versions PHP Melody version 3.0

Description PHP Melody version 3.0 has a remote SQL injection issue in the video edit module. Authenticated attackers can inject malicious SQL commands through the unvalidated vid parameter. Successful exploitation allows attackers to execute arbitrary database queries, potentially compromising the web application and its database management system.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize the vid parameter before using it in database queries.