CVE-2023-33734
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published May 30, 2023
Updated: Jan 13, 2025
CWE ID 89
Summary
CVE-2023-33734 is a newly disclosed SQL injection vulnerability affecting BlueCMS version 1.6. The flaw can be exploited by maliciously crafted keywords input in the search.php file's parameters, allowing unauthorized users to execute arbitrary SQL commands and potentially gain access to sensitive information or make unauthorized modifications to the database. This issue poses a significant risk to websites using the vulnerable BlueCMS version and should be addressed promptly by applying the available patches or updates.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share