Bluecms Project: Bluecms

12 matches found

CVE
added 2022/05/03 5:00 p.m., 78 views

CVE-2022-27962

CVE-2022-27962 concerns BlueCMS 1.6, where a SQL injection vulnerability exists in the parameter named “cooike.” The connected documents confirm the affected software (BlueCMS 1.6) and the underlying issue (SQL injection in a request parameter), with the NVD CVSS indicating a high/critical impact...

CVSS: 9.8, AI score: 9.7, EPSS: 0.01048
CVE
added 2022/08/23 3:19 p.m., 59 views

CVE-2022-37112

CVE-2022-37112 affects BlueCMS 1.6 and is due to an SQL injection in line 55 of admin/model.php. The CVSS metrics in the initial entry indicate a critical impact on confidentiality, integrity, and availability, with network access, low complexity, no user interaction required, and no privileges r...

CVSS: 9.8, AI score: 9.8, EPSS: 0.00761
CVE
added 2022/08/23 3:20 p.m., 58 views

CVE-2022-37111

CVE-2022-37111 concerns BlueCMS 1.6, where a SQL injection vulnerability is present in admin/article.php at line 132. The issue stems from unsafe database queries, enabling an attacker to inject SQL through input handled by that code path. The CVE has an NVD base score of 9.8 ...

CVSS: 9.8, AI score: 9.9, EPSS: 0.00777
CVE
added 2022/08/23 3:17 p.m., 58 views

CVE-2022-37113

BlueCMS 1.6 is affected by an SQL injection in admin/area.php at line 132. The vulnerability is cited across multiple sources (e.g., NVD entry CVE-2022-37113 with CVSSv3.1 base score 9.8, critical impact; network access, no user interaction). Connected documents corroborate the affected location;...

CVSS: 9.8, AI score: 9.8, EPSS: 0.14423
CVE
added 2024/10/07 12:00 a.m., 57 views

CVE-2024-45894

CVE-2024-45894 affects BlueCMS 1.6, enabling Arbitrary File Deletion via the file_name parameter in the /admin/database.php?act=del endpoint. The underlying issue is that the parameter allows deletions of arbitrary files, exposing potential file-impact risks. Remediation guidance in the connected...

CVSS: 4.9, AI score: 7.2, EPSS: 0.00326
Web
CVE
added 2019/03/06 4:00 p.m., 50 views

CVE-2019-9594

CVE-2019-9594 affects BlueCMS 1.6 and describes an SQL injection vulnerability in the parameter user_id within the uploads/admin/user.php?act=edit request. The vulnerability allows bypassing authentication and manipulating the SQL queries executed by the application, leading to potential disclosu...

CVSS: 9.8, AI score: 9.8, EPSS: 0.01452
Web
CVE
added 2025/04/10 12:00 a.m., 49 views

CVE-2025-29150

BlueCMS 1.6 is affected by CVE-2025-29150 via Arbitrary File Deletion caused by abuse of the id parameter in a "/publish.php?act=del" request. The issue potentially enables deletion of files, which can lead to a denial of service. The connected PT-2025-15993 entry documents the affected software/...

CVSS: 4.3, AI score: 7, EPSS: 0.00356
CVE
added 2021/09/07 11:41 p.m., 48 views

CVE-2020-19853

BlueCMS v1.6 contains a SQL injection vulnerability exploitable via the /ad_js.php endpoint. The issue is documented across multiple sources (NVD CVE-2020-19853, Red Hat advisory, CNNVD, etc.). According to NVD, CVSS v2 base 7.5 (HIGH) and CVSS v3.1 base 9.8 (CRITICAL) indicate network-exposed, l...

CVSS: 9.8, AI score: 9.7, EPSS: 0.01133
CVE
added 2023/05/30 12:00 a.m., 47 views

CVE-2023-33734

BlueCMS v1.6 is affected by a SQL injection in the search.php keywords parameter. The root cause is unsafe handling of the keywords input in the SQL query, enabling remote exploitation without user interaction (CVSSv3.1: 9.8, Critical, Network). Exploitation details beyond what is in the document...

CVSS: 9.8, AI score: 9.7, EPSS: 0.00752
CVE
added 2019/03/28 9:42 p.m., 45 views

CVE-2019-10262

CVE-2019-10262 affects BlueCMS 1.6, with a SQL injection arising from interpolating the variable $ad_id directly into a query in uploads/admin/ad.php without quotes, which allows injection despite magic quotes escaping. Documented across multiple sources (NVD, Red Hat, CNVD, CVE lists). CVSS scores indicate h...

CVSS: 9.8, AI score: 9.9, EPSS: 0.01452
Web
CVE
added 2018/09/04 12:00 a.m., 44 views

CVE-2018-16432

BlueCMS 1.6 is affected by CVE-2018-16432 via SQL injection in the user_name parameter to uploads/user.php?act=index_login. The underlying issue is improper input handling that enables an attacker to inject SQL through that parameter. The CVSS metrics indicate a high to critical impact (CVSSv2: 7...

CVSS: 9.8, AI score: 9.8, EPSS: 0.01135
Web
CVE
added 2011/10/08 10:00 a.m., 41 views

CVE-2010-4897

CVE-2010-4897 is a SQL injection vulnerability affecting BlueCMS 1.6, specifically in comment.php. An attacker could send crafted requests via the X-Forwarded-For HTTP header in a send action to execute arbitrary SQL commands. This is supported by multiple sources (NVD, Red Hat, CVE records). The...

CVSS: 7.5, AI score: 8.6, EPSS: 0.01098