Skip to main content

Bluecms CVE-2022-27962

CRITICAL
SQL Injection (CWE-89)
2022-05-03 cve@mitre.org
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 03, 2022 - 17:15 nvd
CRITICAL 9.8

DescriptionNVD

Bluecms 1.6 has a SQL injection vulnerability at cooike.

AnalysisAI

Bluecms 1.6 has a SQL injection vulnerability at cooike. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. Affected products include: Bluecms Project Bluecms.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2023-33734 CRITICAL POC
9.8 May 30

BlueCMS v1.6 was discovered to contain a SQL injection vulnerability via the keywords parameter at search.php. Rated cri

CVE-2022-37113 CRITICAL POC
9.8 Aug 23

Bluecms 1.6 has SQL injection in line 132 of admin/area.php. Rated critical severity (CVSS 9.8), this vulnerability is r

CVE-2022-37112 CRITICAL POC
9.8 Aug 23

BlueCMS 1.6 has SQL injection in line 55 of admin/model.php. Rated critical severity (CVSS 9.8), this vulnerability is r

CVE-2022-37111 CRITICAL POC
9.8 Aug 23

BlueCMS 1.6 has SQL injection in line 132 of admin/article.php. Rated critical severity (CVSS 9.8), this vulnerability i

CVE-2019-10262 CRITICAL POC
9.8 Mar 28

A SQL Injection issue was discovered in BlueCMS 1.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely

CVE-2019-9594 CRITICAL POC
9.8 Mar 06

BlueCMS 1.6 allows SQL Injection via the user_id parameter in an uploads/admin/user.php?act=edit request. Rated critical

CVE-2018-16432 CRITICAL POC
9.8 Sep 04

BlueCMS 1.6 allows SQL Injection via the user_name parameter to uploads/user.php?act=index_login. Rated critical severit

CVE-2025-29150 MEDIUM POC
4.3 Apr 10

BlueCMS 1.6 suffers from Arbitrary File Deletion via the id parameter in an /publish.php?act=del request. Rated medium s

CVE-2024-45894 MEDIUM
4.9 Oct 07

BlueCMS 1.6 suffers from Arbitrary File Deletion via the file_name parameter in an /admin/database.php?act=del request.

Share

CVE-2022-27962 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy