PT-2019-11667 · Bluecms · Bluecms

Published: 2019-03-28 · Updated: 2019-03-29 · CVE-2019-10262

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: BlueCMS version 1.6
Description: A SQL injection issue was discovered. The variable ad_id is spliced directly into a query in uploads/admin/ad.php in the admin folder and is not wrapped in single quotes. Because the value sits in an unquoted (numeric) position, the quote escaping performed by magic quotes does not prevent injection.
Recommendations: For BlueCMS version 1.6, wrap the ad_id variable in single quotes or, better, validate it as an integer (or bind it as a parameter in a prepared statement) before it reaches the query. As a temporary workaround, restrict access to uploads/admin/ad.php in the admin folder to minimize the risk of exploitation.
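The pattern the advisory describes and the two recommended fixes, as an added illustration that is not BlueCMS code: the table name `ad`, the column `ad_id`, and the `$link` handle are assumed for the example.

```php
<?php
// Added example, not taken from BlueCMS. Assumes a MySQL table `ad` with an
// integer column `ad_id`; $link is a hypothetical mysqli connection.

// --- Vulnerable pattern from the advisory ---
// The value is escaped the way magic_quotes_gpc / addslashes() would escape
// it, then spliced into the query with no surrounding quotes.
function vulnerable_query(string $raw_ad_id): string
{
    $escaped = addslashes($raw_ad_id);   // only escapes ' " \ and NUL
    // Unquoted numeric position: SQL that contains no quote characters
    // passes through the escaping untouched, so the escape does not help.
    return "SELECT * FROM ad WHERE ad_id=" . $escaped;
}

// --- Fix 1: enforce the expected type before the value reaches SQL ---
function safe_query_int(string $raw_ad_id): ?string
{
    if (!ctype_digit($raw_ad_id)) {
        return null;                     // reject anything that is not digits
    }
    return "SELECT * FROM ad WHERE ad_id=" . (int) $raw_ad_id;
}

// --- Fix 2: parameterised query (preferred) ---
// The value is bound as an integer, so it can never be parsed as SQL.
function safe_query_prepared(mysqli $link, string $raw_ad_id): ?mysqli_result
{
    $stmt = $link->prepare("SELECT * FROM ad WHERE ad_id = ?");
    if ($stmt === false) {
        return null;
    }
    $id = (int) $raw_ad_id;
    $stmt->bind_param("i", $id);         // "i" binds the value as an integer
    $stmt->execute();
    $result = $stmt->get_result();       // requires mysqlnd
    return $result === false ? null : $result;
}

// Quick self-check of the validating fix (no database needed):
var_dump(safe_query_int("42"));          // string: SELECT ... WHERE ad_id=42
var_dump(safe_query_int("42abc"));       // NULL: non-numeric input rejected
```

Wrapping the value in single quotes, as the advisory suggests, restores the protection of magic quotes, but the type check or the bound parameter removes the dependence on that deprecated mechanism altogether.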

Exploit · Fix · SQL injection


Weakness Enumeration

Related Identifiers: CVE-2019-10262

Affected Products: Bluecms