PHP Melody Critical Vulnerability Fix (Aug 2017)

PHP Melody websites running any version from v2.2 to v2.7.1 are vulnerable to SQL injection and should be patched immediately as instructed below. Alternatively, you can download the v2.7.2 update package from your Customer Account with us.

To manually patch the issue, please open: /include/functions.php

Find:

	$id = ($list_id != false) ? $list_id : $list_uniq_id;
	$get_by_id = ($list_id != false) ? 'list_id' : 'list_uniq_id';

Replace with:

	if ($list_uniq_id != false && ctype_alnum($list_uniq_id) === false)
	{
		return false;
	}
	
	$id = ($list_id != false) ? (int) $list_id : secure_sql($list_uniq_id);
	$get_by_id = ($list_id != false) ? 'list_id' : 'list_uniq_id';

Find:

	$sql = "SELECT list_uniq_id 
			FROM pm_playlists 
			WHERE list_id = $list_id";

Replace with:

	$list_id = secure_sql($list_id);	
	
	$sql = "SELECT list_uniq_id 
			FROM pm_playlists 
			WHERE list_id = $list_id";

Find:

	$sql = 'SELECT * 
			FROM pm_playlists 
			WHERE user_id = '. $user_id;

Replace with:

	$user_id = secure_sql($user_id);
	
	$sql = 'SELECT * 
			FROM pm_playlists 
			WHERE user_id = '. $user_id;
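
The checks in the first replacement (alphanumeric-only unique ID, integer list ID) can be exercised in isolation. The following is an added example, not PHP Melody code: the function names are hypothetical, it goes beyond the patch by validating the integer instead of casting it and by binding the value with PDO, and it does not use `secure_sql()` because that function's body is not shown on this page. It assumes the `pdo_sqlite` extension and uses constructed rows.

```php
<?php
// Added example; not PHP Melody source. Only pm_playlists, list_id,
// list_uniq_id and user_id come from the page; all other names are hypothetical.

function playlist_lookup_key($list_id, $list_uniq_id)
{
    // Same gate as the patch: refuse a non-alphanumeric unique ID outright.
    if ($list_uniq_id != false && ctype_alnum((string) $list_uniq_id) === false) {
        return false;
    }
    if ($list_id != false) {
        // Validate rather than cast, so "12abc" is rejected instead of becoming 12.
        $n = filter_var($list_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        return ($n === false) ? false : ['list_id', $n];
    }
    return ($list_uniq_id != false) ? ['list_uniq_id', (string) $list_uniq_id] : false;
}

function find_playlist(PDO $db, $list_id, $list_uniq_id)
{
    $key = playlist_lookup_key($list_id, $list_uniq_id);
    if ($key === false) {
        return false;
    }
    // The column name comes from a fixed two-value set; the value is bound, never concatenated.
    $stmt = $db->prepare("SELECT list_id, list_uniq_id FROM pm_playlists WHERE {$key[0]} = ?");
    $stmt->execute([$key[1]]);
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Constructed sample rows in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pm_playlists (list_id INTEGER PRIMARY KEY, list_uniq_id TEXT, user_id INTEGER)');
$db->exec("INSERT INTO pm_playlists VALUES (1, 'a1b2c3', 10), (2, 'z9y8x7', 11)");

$cases = [
    [1, false],                // numeric ID: accepted
    [false, 'z9y8x7'],         // alphanumeric unique ID: accepted
    ['1 OR 1=1', false],       // not an integer: rejected before any query runs
    [false, "a1b2c3' OR '1"],  // not alphanumeric: rejected before any query runs
];
foreach ($cases as [$id, $uniq]) {
    $row = find_playlist($db, $id, $uniq);
    printf("%-28s => %s\n", json_encode([$id, $uniq]), $row ? json_encode($row) : 'rejected');
}
```

The first two constructed cases return their rows and the last two print `rejected`.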

 
