CVE-2020-19853
BlueCMS v1.6 contains a SQL injection vulnerability via /ad_js.php...
SQL injection
BlueCMS v1.6 contains a SQL injection vulnerability via /ad_js.php...
CVE-2020-19853
BlueCMS v1.6 contains a SQL injection vulnerability exploitable via the /ad_js.php endpoint. The issue is documented across multiple sources (NVD CVE-2020-19853, Red Hat advisory, CNNVD, etc.). According to NVD, CVSS v2 base 7.5 (HIGH) and CVSS v3.1 base 9.8 (CRITICAL) indicate network-exposed, l...
BlueCMS SQL injection vulnerability
BlueCMS is a content management system (CMS) based on PHP and MySQL. A SQL injection vulnerability exists in BlueCMS version 1.6, which can be triggered by an attacker via "/ad_js.php"...
BlueCMS v1.6 sp1 ad_js.php SQL injection vulnerability - vulnerability warning - the black bar safety net
Affected version: BlueCMS v1.6 sp1. Vulnerability description: Defective file: ad_js.php. Vulnerability cause: 12: $adid = !empty($_GET['adid']) ? trim($_GET['adid']) : ''; // the other files in the root directory all filter input well, and numeric variables are almost always restricted with intval to ...
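BlueCMS v1.6 sp1 ad_js.php SQL injection vulnerability
Defective file: ad_js.php. Vulnerability cause: 12: $adid = !empty($_GET['adid']) ? trim($_GET['adid']) : ''; // the other files in the root directory all filter input well, and numeric variables are almost always restricted with intval; only this file was missed, and it merely uses trim to strip leading and trailing whitespace. 19: $ad = $db->getone("SELECT * FROM ".table('ad')." WHERE adid =".$adid); // substituted directly into the query. BlueCMS v1.6 sp1 SEBUG temporary workaround: $adid = !empty($_GET['adid']) ? intval($_GET['adid']) : '';...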