152 matches found
CVE-2019-9594
BlueCMS 1.6 allows SQL Injection via the userid parameter in an uploads/admin/user.php?act=edit request...
Sql injection
BlueCMS 1.6 allows SQL Injection via the userid parameter in an uploads/admin/user.php?act=edit request...
CVE-2019-9594
BlueCMS 1.6 allows SQL Injection via the userid parameter in an uploads/admin/user.php?act=edit request...
CVE-2019-9594
CVE-2019-9594 affects BlueCMS 1.6 and describes an SQL injection vulnerability in the parameter user_id within the uploads/admin/user.php?act=edit request. The vulnerability allows bypassing authentication and manipulating the SQL queries executed by the application, leading to potential disclosu...
CVE-2019-9594
BlueCMS 1.6 allows SQL Injection via the userid parameter in an uploads/admin/user.php?act=edit request...
File inclusion vulnerability in BlueCMS us***.php9 page
BlueCMS is a free professional local portal system developed by open source combination PHP + MYSQL, focusing on local portal CMS. A file inclusion vulnerability exists in the BlueCMS us.php9 page. A remote attacker can construct a payload with the parameter $POST'pay' in the script and utilize t...
CVE-2018-16432
BlueCMS 1.6 allows SQL Injection via the username parameter to uploads/user.php?act=indexlogin...
CVE-2018-16432
BlueCMS 1.6 allows SQL Injection via the username parameter to uploads/user.php?act=indexlogin...
Sql injection
BlueCMS 1.6 allows SQL Injection via the username parameter to uploads/user.php?act=indexlogin...
CVE-2018-16432
BlueCMS 1.6 is affected by CVE-2018-16432 via SQL injection in the user_name parameter to uploads/user.php?act=index_login. The underlying issue is improper input handling that enables an attacker to inject SQL through that parameter. The CVSS metrics indicate a high to critical impact (CVSSv2: 7...
PT-2018-13566 · Bluecms · Bluecms
Name of the Vulnerable Software and Affected Versions: BlueCMS version 1.6 Description: The issue allows SQL Injection via the user name parameter to the "uploads/user.php?act=index login" endpoint. Recommendations: For BlueCMS version 1.6, avoid using the user name parameter in the affected...
CVE-2018-16432
BlueCMS 1.6 allows SQL Injection via the username parameter to uploads/user.php?act=indexlogin...
bluecms guest_book注入
...
bluecms 任意文件删除漏洞导致重装getshell & XSS漏洞
...
BlueCMS v1.6 sp1 /admin/login.php SQL注入漏洞
No description provided by source...
BlueCMS v1.6 sp1 ad_js.php ad_id 参数SQL注入漏洞
No description provided by source...
BlueCMS v1.6 sp1 /admin/tpl_manage.php 本地文件包含漏洞
No description provided by source...
bluecms the latest version of the double-byte universal password into the background-bug warning-the black bar safety net
Brief description: bluecms the latest version i.e., v1. 6sp1,processing of login authentication when the variables are single quotes escaped, but can be used gbk double-byte coding the closing single quote and then comment to enter the background Detailed description: bluecms verify the login cod...
BlueCMS 1.6 include-common.func.php SQL注入漏洞
No description provided by source...
CVE-2010-4897
SQL injection vulnerability in comment.php in BlueCMS 1.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header in a send action...