Bluecms_project Bluecms

12 CVEs affecting Bluecms_project Bluecms. Latest disclosed: 2025-04-10. Critical: 9, High: 0.

Top CVEs affecting Bluecms_project Bluecms
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2023-33734 | Critical | 9.8 | 2023-05-30 | BlueCMS v1.6 was discovered to contain a SQL injection vulnerability via the keywords parameter at search.php. |
| CVE-2022-37113 | Critical | 9.8 | 2022-08-23 | Bluecms 1.6 has SQL injection in line 132 of admin/area.php |
| CVE-2022-37112 | Critical | 9.8 | 2022-08-23 | BlueCMS 1.6 has SQL injection in line 55 of admin/model.php |
| CVE-2022-37111 | Critical | 9.8 | 2022-08-23 | BlueCMS 1.6 has SQL injection in line 132 of admin/article.php |
| CVE-2022-27962 | Critical | 9.8 | 2022-05-03 | Bluecms 1.6 has a SQL injection vulnerability at cookie. |
| CVE-2020-19853 | Critical | 9.8 | 2021-09-08 | BlueCMS v1.6 contains a SQL injection vulnerability via /ad_js.php. |
| CVE-2019-10262 | Critical | 9.8 | 2019-03-28 | A SQL Injection issue was discovered in BlueCMS 1.6. The variable $ad_id is spliced directly in uploads/admin/ad.php in the admin folder, and is not wrapped in… |
| CVE-2019-9594 | Critical | 9.8 | 2019-03-06 | BlueCMS 1.6 allows SQL Injection via the user_id parameter in an uploads/admin/user.php?act=edit request. |
| CVE-2018-16432 | Critical | 9.8 | 2018-09-04 | BlueCMS 1.6 allows SQL Injection via the user_name parameter to uploads/user.php?act=index_login. |
| CVE-2024-45894 | Medium | 4.9 | 2024-10-07 | BlueCMS 1.6 suffers from Arbitrary File Deletion via the file_name parameter in an /admin/database.php?act=del request. |
| CVE-2025-29150 | Medium | 4.3 | 2025-04-10 | BlueCMS 1.6 suffers from Arbitrary File Deletion via the id parameter in an /publish.php?act=del request. |
| CVE-2010-4897 | | | 2011-10-08 | SQL injection vulnerability in comment.php in BlueCMS 1.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header in a se… |