PHP Melody Support

PHP Melody Critical Vulnerability Fix (Aug 2017)

Written by

admin

in

PHP Melody websites running anything from v2.2 to v2.7.1 are vulnerable to SQL injection and should be patched immediately as instructed below. Alternatively, you can download the v2.7.2 update package form your Customer Account with us.

To manually patch the issue, please open: /include/functions.php

Find:

	$id = ($list_id != false) ? $list_id : $list_uniq_id;
	$get_by_id = ($list_id != false) ? 'list_id' : 'list_uniq_id';

Replace with:

	if ($list_uniq_id != false && ctype_alnum($list_uniq_id) === false)
	{
		return false;
	}
	
	$id = ($list_id != false) ? (int) $list_id : secure_sql($list_uniq_id);
	$get_by_id = ($list_id != false) ? 'list_id' : 'list_uniq_id';

Find:

	$sql = "SELECT list_uniq_id 
			FROM pm_playlists 
			WHERE list_id = $list_id";

Replace with:

	$list_id = secure_sql($list_id);	
	
	$sql = "SELECT list_uniq_id 
			FROM pm_playlists 
			WHERE list_id = $list_id";

Find:

	$sql = 'SELECT * 
			FROM pm_playlists 
			WHERE user_id = '. $user_id;

Replace with:

	$user_id = secure_sql($user_id);
	
	$sql = 'SELECT * 
			FROM pm_playlists 
			WHERE user_id = '. $user_id;

 

Comments

9 responses to “PHP Melody Critical Vulnerability Fix (Aug 2017)”

  1. 📆 🎁 Bitcoin Reward: 1.0 BTC added. Get today >> https://graph.org/WITHDRAW-YOUR-COINS-07-23?hs=321ebeb592d7405122e3ed0181820bd4& 📆 Avatar
    📆 🎁 Bitcoin Reward: 1.0 BTC added. Get today >> https://graph.org/WITHDRAW-YOUR-COINS-07-23?hs=321ebeb592d7405122e3ed0181820bd4& 📆

    z042d6

    Reply
  2. 🔒 🚨 Urgent: 2.0 BTC transfer canceled. Resend here => https://graph.org/RECOVER-BITCOIN-07-23?hs=321ebeb592d7405122e3ed0181820bd4& 🔒 Avatar
    🔒 🚨 Urgent: 2.0 BTC transfer canceled. Resend here => https://graph.org/RECOVER-BITCOIN-07-23?hs=321ebeb592d7405122e3ed0181820bd4& 🔒

    b7o2ow

    Reply
  3. seo jeong-yeon 2026 Avatar
    seo jeong-yeon 2026

    %u
    Very quickly this web site will be famous amid all blog people, due to it’s pleasant postshttp://wiki.jodforum.de/api.php?action=https://ste-b2b.agency/

    my blog :: seo jeong-yeon 2026

    Reply
  4. 🔐 🔵 Unread Alert: 1.65 Bitcoin from user. Review funds => https://graph.org/ACTIVATE-BTC-TRANSFER-07-23?hs=321ebeb592d7405122e3ed0181820bd4& 🔐 Avatar
    🔐 🔵 Unread Alert: 1.65 Bitcoin from user. Review funds => https://graph.org/ACTIVATE-BTC-TRANSFER-07-23?hs=321ebeb592d7405122e3ed0181820bd4& 🔐

    yrunpm

    Reply
  5. binance Anmeldungsbonus Avatar
    binance Anmeldungsbonus

    Your article helped me a lot, is there any more related content? Thanks!

    Reply
  6. 📕 🚨 ATTENTION: You received 0.75 bitcoin! Tap to claim > https://graph.org/RECEIVE-BTC-07-23?hs=321ebeb592d7405122e3ed0181820bd4& 📕 Avatar
    📕 🚨 ATTENTION: You received 0.75 bitcoin! Tap to claim > https://graph.org/RECEIVE-BTC-07-23?hs=321ebeb592d7405122e3ed0181820bd4& 📕

    uinply

    Reply
  7. 🔍 🔔 Urgent - 1.75 BTC sent to your address. Receive funds → https://graph.org/SECURE-YOUR-BITCOIN-07-23?hs=321ebeb592d7405122e3ed0181820bd4& 🔍 Avatar
    🔍 🔔 Urgent – 1.75 BTC sent to your address. Receive funds → https://graph.org/SECURE-YOUR-BITCOIN-07-23?hs=321ebeb592d7405122e3ed0181820bd4& 🔍

    6is9mb

    Reply
  8. Creati un cont gratuit Avatar
    Creati un cont gratuit

    Can you be more specific about the content of your article? After reading it, I still have some doubts. Hope you can help me. https://www.binance.com/sl/register?ref=OMM3XK51

    Reply
  9. binance Avatar
    binance

    Thank you for your sharing. I am worried that I lack creative ideas. It is your article that makes me full of hope. Thank you. But, I have a question, can you help me? https://www.binance.com/kz/register?ref=RQUR4BEO

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts