CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-38922
https://notcve.org/view.php?id=CVE-2022-38922
03 Apr 2023 — BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Header Cookie value allowing MySQL Injection in the 'users-cookie-settings' token using a Time-based blind SLEEP payload. • https://github.com/dtssec/CVE-Disclosures/blob/main/CVE-2022-38922_CVE-2022-38923_Bluepage_CMS_SQLi/CVE-2022-38922-BluePage_CMS_3.9.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-38923
https://notcve.org/view.php?id=CVE-2022-38923
03 Apr 2023 — BluePage CMS thru v3.9 processes an insufficiently sanitized HTTP Header allowing MySQL Injection in the 'User-Agent' field using a Time-based blind SLEEP payload. • https://github.com/dtssec/CVE-Disclosures/blob/main/CVE-2022-38922_CVE-2022-38923_Bluepage_CMS_SQLi/CVE-2022-38922-BluePage_CMS_3.9.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 3CVE-2008-6039 – BLUEPAGE CMS 2.5 - 'PHPSESSID' Session Fixation
https://notcve.org/view.php?id=CVE-2008-6039
03 Feb 2009 — Session fixation vulnerability in BLUEPAGE CMS 2.5 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. Vulnerabilidad de fijación de sesión en BLUEPAGE CMS v2.5 y anteriores, permite a atacantes remotos secuestrar sesiones web a través del parámetro "PHPSESSID". • https://www.exploit-db.com/exploits/32407 • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2008-6027
https://notcve.org/view.php?id=CVE-2008-6027
03 Feb 2009 — Multiple cross-site scripting (XSS) vulnerabilities in index.php in BLUEPAGE CMS 2.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) whl, (2) var_1, and (3) search parameters. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS)en index.php en BLUEPAGE CMS v2.5 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de (1) parámetro "whl", (2) parámetro "var_1" y (3) parámetro "search". • http://secunia.com/advisories/31968 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •