cvebase

Bluecms Project Bluecms vulnerabilities

12 known vulnerabilities affecting bluecms_project/bluecms.

Total CVEs: 12
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 9, HIGH 1, MEDIUM 2

Vulnerabilities

CVE-2022-37113 | P3 | CRITICAL | CVSS 9.8 | v1.6 | 2022-08-23
CWE-89: Bluecms 1.6 has SQL injection in line 132 of admin/area.php
nvd
CVE-2019-9594 | P3 | CRITICAL | CVSS 9.8 | v1.6 | 2019-03-06
CWE-89: BlueCMS 1.6 allows SQL Injection via the user_id parameter in an uploads/admin/user.php?act=edit request.
nvd
CVE-2022-27962 | P3 | CRITICAL | CVSS 9.8 | v1.6 | 2022-05-03
CWE-89: Bluecms 1.6 has a SQL injection vulnerability at cookie.
nvd
CVE-2019-10262 | P3 | CRITICAL | CVSS 9.8 | v1.6 | 2019-03-28
CWE-89: A SQL Injection issue was discovered in BlueCMS 1.6. The variable $ad_id is spliced directly in uploads/admin/ad.php in the admin folder, and is not wrapped in single quotes, resulting in injection around the escape of magic quotes.
nvd
CVE-2022-37112 | P3 | CRITICAL | CVSS 9.8 | v1.6 | 2022-08-23
CWE-89: BlueCMS 1.6 has SQL injection in line 55 of admin/model.php
nvd
CVE-2018-16432 | P3 | CRITICAL | CVSS 9.8 | v1.6 | 2018-09-04
CWE-89: BlueCMS 1.6 allows SQL Injection via the user_name parameter to uploads/user.php?act=index_login.
nvd
CVE-2022-37111 | P3 | CRITICAL | CVSS 9.8 | v1.6 | 2022-08-23
CWE-89: BlueCMS 1.6 has SQL injection in line 132 of admin/article.php
nvd
CVE-2023-33734 | P3 | CRITICAL | CVSS 9.8 | v1.6 | 2023-05-30
CWE-89: BlueCMS v1.6 was discovered to contain a SQL injection vulnerability via the keywords parameter at search.php.
nvd
CVE-2020-19853 | P3 | CRITICAL | CVSS 9.8 | v1.6 | 2021-09-08
CWE-89: BlueCMS v1.6 contains a SQL injection vulnerability via /ad_js.php.
nvd
CVE-2010-4897 | P3 | HIGH | CVSS 7.5 | v1.6 | 2011-10-08
CWE-89: SQL injection vulnerability in comment.php in BlueCMS 1.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header in a send action.
nvd
CVE-2024-45894 | P4 | MEDIUM | CVSS 4.9 | v1.6 | 2024-10-07
CWE-552: BlueCMS 1.6 suffers from Arbitrary File Deletion via the file_name parameter in an /admin/database.php?act=del request.
nvd
CVE-2025-29150 | P4 | MEDIUM | CVSS 4.3 | v1.6 | 2025-04-10
CWE-20: BlueCMS 1.6 suffers from Arbitrary File Deletion via the id parameter in an /publish.php?act=del request.
nvd