A SQL Injection issue exists in BlueCMS 1.6. The variable $ad_id is spliced directly in uploads/admin/ad.php in the admin folder, and is not wrapped in single quotes, resulting in injection around the escape of magic quotes.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bluecms project bluecms 1.6 |