SQL injection vulnerability in comment.php in BlueCMS 1.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header in a send action.
8.6 AI Score
0.001 EPSS
BlueCMS 1.6 allows SQL Injection via the user_name parameter to uploads/user.php?act=index_login.
9.8 CVSS
9.8 AI Score
0.002 EPSS
A SQL Injection issue was discovered in BlueCMS 1.6. In uploads/admin/ad.php, the variable $ad_id is spliced directly into the SQL statement without being wrapped in single quotes, so the injection gets around magic quotes escaping.
9.8 CVSS
9.9 AI Score
0.002 EPSS
BlueCMS 1.6 allows SQL Injection via the user_id parameter in an uploads/admin/user.php?act=edit request.
9.8 CVSS
9.8 AI Score
0.002 EPSS
BlueCMS v1.6 was discovered to contain a SQL injection vulnerability via the keywords parameter at search.php.
9.8 CVSS
9.7 AI Score
0.002 EPSS