Lucene search

K

Blueriver Security Vulnerabilities

cve
cve

CVE-2017-8302

Mura CMS 7.0.6967 allows admin/?muraAction= XSS attacks, related to admin/core/views/carch/list.cfm, admin/core/views/carch/loadsiteflat.cfm, admin/core/views/cusers/inc/dsp_nextn.cfm, admin/core/views/cusers/inc/dsp_search_form.cfm, admin/core/views/cusers/inc/dsp_users_list.cfm,...

5.4CVSS

5.2AI Score

0.001EPSS

2022-10-03 04:23 PM
27
cve
cve

CVE-2010-3468

Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 before 5.1.498 and 5.2 before 5.2.2809, and Sava CMS 5 through 5.2, allows remote attackers to read arbitrary files via a .. (dot dot) in the FILEID parameter to the default URI under...

6.7AI Score

0.03EPSS

2022-10-03 04:20 PM
34
cve
cve

CVE-2018-7486

Blue River Mura CMS before v7.0.7029 supports inline function calls with an [m] tag and [/m] end tag, without proper restrictions on file types or pathnames, which allows remote attackers to execute arbitrary code via an [m]$.dspinclude("../pathname/executable.jpeg")[/m] approach, where...

7.2CVSS

7.3AI Score

0.004EPSS

2018-02-26 02:29 PM
25
cve
cve

CVE-2008-6433

Cross-site scripting (XSS) vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search...

5.8AI Score

0.003EPSS

2009-03-06 06:30 PM
24
cve
cve

CVE-2008-6434

SQL injection vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to execute arbitrary SQL commands via the LinkServID...

8.7AI Score

0.002EPSS

2009-03-06 06:30 PM
25