CVE-2018-16432

Name of the Vulnerable Software and Affected Versions BlueCMS version 1.6

Description The issue allows SQL Injection via the user name parameter to the "uploads/user.php?act=index login" endpoint.

Recommendations For BlueCMS version 1.6, avoid using the user name parameter in the affected endpoint until the issue is resolved. Consider restricting access to the "uploads/user.php?act=index login" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.