PHP Melody Critical Vulnerability Fix (Aug 2017)

PHP Melody websites running any version from v2.2 to v2.7.1 are vulnerable to SQL injection and should be patched immediately as instructed below. Alternatively, you can download the v2.7.2 update package from your Customer Account with us.

To manually patch the issue, please open: /include/functions.php

Find:

	$id = ($list_id != false) ? $list_id : $list_uniq_id;
	$get_by_id = ($list_id != false) ? 'list_id' : 'list_uniq_id';

Replace with:

	if ($list_uniq_id != false && ctype_alnum($list_uniq_id) === false)
	{
		return false;
	}
	
	$id = ($list_id != false) ? (int) $list_id : secure_sql($list_uniq_id);
	$get_by_id = ($list_id != false) ? 'list_id' : 'list_uniq_id';

Find:

	$sql = "SELECT list_uniq_id 
			FROM pm_playlists 
			WHERE list_id = $list_id";

Replace with:

	$list_id = secure_sql($list_id);
	
	$sql = "SELECT list_uniq_id 
			FROM pm_playlists 
			WHERE list_id = $list_id";

Find:

	$sql = 'SELECT * 
			FROM pm_playlists 
			WHERE user_id = '. $user_id;

Replace with:

	$user_id = secure_sql($user_id);
	
	$sql = 'SELECT * 
			FROM pm_playlists 
			WHERE user_id = '. $user_id;
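To show what the three edits above change in practice, here is an added PHP example (not PHP Melody's own code) that pulls the patched validation into one function beside its unpatched form. `secure_sql()` is a PHP Melody helper whose body is not on this page, so a stand-in is assumed here, as is the shape of the final WHERE clause.

```php
<?php
// Added example: the checks the Aug 2017 patch introduces, in one function.

// Stand-in for PHP Melody's secure_sql(); assumed to escape a string for
// interpolation into a MySQL query. Offline we approximate it with
// addslashes(); real code should use mysqli_real_escape_string() or,
// better still, a prepared statement with bound parameters.
function secure_sql_stub(string $value): string
{
    return addslashes($value);
}

// Patched lookup: returns the SELECT, or false if validation fails.
function build_playlist_query($list_id, $list_uniq_id)
{
    // Patch step 1: a list_uniq_id must be strictly alphanumeric.
    if ($list_uniq_id != false && ctype_alnum($list_uniq_id) === false) {
        return false;
    }

    // Patch step 2: numeric ids are cast to int, string ids are escaped.
    $id        = ($list_id != false) ? (int) $list_id : secure_sql_stub($list_uniq_id);
    $get_by_id = ($list_id != false) ? 'list_id' : 'list_uniq_id';

    // Assumed query shape: quote only the string form of the id.
    $literal = is_int($id) ? $id : "'" . $id . "'";
    return "SELECT * FROM pm_playlists WHERE $get_by_id = $literal";
}

// Unpatched equivalent, kept only to show what the fix removes:
// both ids reach the query without a cast, a check or escaping.
function build_playlist_query_unpatched($list_id, $list_uniq_id)
{
    $id        = ($list_id != false) ? $list_id : $list_uniq_id;
    $get_by_id = ($list_id != false) ? 'list_id' : 'list_uniq_id';
    return "SELECT * FROM pm_playlists WHERE $get_by_id = '$id'";
}

// Constructed inputs: a plain id, a non-numeric list_id, a clean uniq id,
// and a uniq id carrying a quote character.
var_dump(build_playlist_query(42, false));          // ... WHERE list_id = 42
var_dump(build_playlist_query("42abc", false));     // (int) cast keeps only 42
var_dump(build_playlist_query(false, "a1b2c3"));    // ... WHERE list_uniq_id = 'a1b2c3'
var_dump(build_playlist_query(false, "a1b2'c3"));   // bool(false): rejected by ctype_alnum
var_dump(build_playlist_query_unpatched(false, "a1b2'c3")); // quote lands in the SQL as-is
```

Run with `php example.php`; the last call prints the unescaped quote inside the query string, which is exactly what the patch prevents.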
