Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Bluecms 1.6 has a SQL injection vulnerability at cooike.
AnalysisAI
Bluecms 1.6 has a SQL injection vulnerability at cooike. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. Affected products include: Bluecms Project Bluecms.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.
BlueCMS v1.6 was discovered to contain a SQL injection vulnerability via the keywords parameter at search.php. Rated cri
Bluecms 1.6 has SQL injection in line 132 of admin/area.php. Rated critical severity (CVSS 9.8), this vulnerability is r
BlueCMS 1.6 has SQL injection in line 55 of admin/model.php. Rated critical severity (CVSS 9.8), this vulnerability is r
BlueCMS 1.6 has SQL injection in line 132 of admin/article.php. Rated critical severity (CVSS 9.8), this vulnerability i
A SQL Injection issue was discovered in BlueCMS 1.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely
BlueCMS 1.6 allows SQL Injection via the user_id parameter in an uploads/admin/user.php?act=edit request. Rated critical
BlueCMS 1.6 allows SQL Injection via the user_name parameter to uploads/user.php?act=index_login. Rated critical severit
BlueCMS 1.6 suffers from Arbitrary File Deletion via the id parameter in an /publish.php?act=del request. Rated medium s
BlueCMS 1.6 suffers from Arbitrary File Deletion via the file_name parameter in an /admin/database.php?act=del request.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today