SQL Injection Vulnerability in BlueCMS 1.6

SQL Injection Vulnerability in BlueCMS 1.6

CVE-2019-10262 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

A SQL Injection issue was discovered in BlueCMS 1.6. The variable $ad_id is spliced directly in uploads/admin/ad.php in the admin folder, and is not wrapped in single quotes, resulting in injection around the escape of magic quotes.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.