12 matches found
CVE-2022-27962
CVE-2022-27962 concerns BlueCMS 1.6, where a SQL injection vulnerability exists in the parameter named “cooike.” The connected documents confirm the affected software (BlueCMS 1.6) and the underlying issue (SQL injection in a request parameter), with the NVD CVSS indicating a high/critical impact...
CVE-2022-37112
CVE-2022-37112 affects BlueCMS 1.6 and is due to an SQL injection in line 55 of admin/model.php. The CVSS metrics in the initial entry indicate a critical impact on confidentiality, integrity, and availability, with network access, low complexity, no user interaction required, and no privileges r...
CVE-2022-37111
CVE-2022-37111 concerns BlueCMS 1.6, where a SQL injection vulnerability is present in the file path admin/article.php at line 132. The issue stems from unsafe database queries, enabling an attacker to inject SQL through input handled by that code path. The CVE has an NVD base score of 9.8 ...
CVE-2022-37113
BlueCMS 1.6 is affected by an SQL injection in admin/area.php at line 132. The vulnerability is cited across multiple sources (e.g., NVD entry CVE-2022-37113 with CVSSv3.1 base score 9.8, critical impact; network access, no user interaction). Connected documents corroborate the affected location;...
CVE-2024-45894
CVE-2024-45894 affects BlueCMS 1.6, enabling Arbitrary File Deletion via the file_name parameter in the /admin/database.php?act=del endpoint. The underlying issue is that the parameter allows deletions of arbitrary files, exposing potential file-impact risks. Remediation guidance in the connected...
CVE-2019-9594
CVE-2019-9594 affects BlueCMS 1.6 and describes an SQL injection vulnerability in the parameter user_id within the uploads/admin/user.php?act=edit request. The vulnerability allows bypassing authentication and manipulating the SQL queries executed by the application, leading to potential disclosu...
CVE-2025-29150
BlueCMS 1.6 is affected by CVE-2025-29150 via Arbitrary File Deletion caused by abuse of the id parameter in a "/publish.php?act=del" request. The issue potentially enables deletion of files, which can lead to a denial of service. The connected PT-2025-15993 entry documents the affected software/...
CVE-2020-19853
BlueCMS v1.6 contains a SQL injection vulnerability exploitable via the /ad_js.php endpoint. The issue is documented across multiple sources (NVD CVE-2020-19853, Red Hat advisory, CNNVD, etc.). According to NVD, CVSS v2 base 7.5 (HIGH) and CVSS v3.1 base 9.8 (CRITICAL) indicate network-exposed, l...
CVE-2023-33734
BlueCMS v1.6 is affected by a SQL injection in the search.php keywords parameter. The root cause is unsafe handling of the keywords input in the SQL query, enabling remote exploitation without user interaction (CVSSv3.1: 9.8, Critical, Network). Exploitation details beyond what is in the document...
CVE-2019-10262
CVE-2019-10262 affects BlueCMS 1.6, with a SQL injection arising from interpolating the variable $ad_id directly in uploads/admin/ad.php without quotes, so injection is possible despite magic quotes escaping. Documented across multiple sources (NVD, Red Hat, CNVD, CVE lists). CVSS scores indicate h...
CVE-2018-16432
BlueCMS 1.6 is affected by CVE-2018-16432 via SQL injection in the user_name parameter to uploads/user.php?act=index_login. The underlying issue is improper input handling that enables an attacker to inject SQL through that parameter. The CVSS metrics indicate a high to critical impact (CVSSv2: 7...
CVE-2010-4897
CVE-2010-4897 is a SQL injection vulnerability affecting BlueCMS 1.6, specifically in comment.php. An attacker could send crafted requests via the X-Forwarded-For HTTP header in a send action to execute arbitrary SQL commands. This is supported by multiple sources (NVD, Red Hat, CVE records). The...