CVE-2022-38922
Severity CVSS v4.0:
Pending analysis
Type:
CWE-89
SQL Injection
Publication date:
03/04/2023
Last modified:
18/02/2025
Description
BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Header Cookie value allowing MySQL Injection in the 'users-cookie-settings' token using a Time-based blind SLEEP payload.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:iss-oberlausitz:bluepage_cms:*:*:*:*:*:*:*:* | 3.9 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/dtssec/CVE-Disclosures/blob/main/CVE-2022-38922_CVE-2022-38923_Bluepage_CMS_SQLi/CVE-2022-38922-BluePage_CMS_3.9.md
- https://www.bluepage-cms.com/index.php
- https://www.iss-oberlausitz.de/index.php
- https://github.com/dtssec/CVE-Disclosures/blob/main/CVE-2022-38922_CVE-2022-38923_Bluepage_CMS_SQLi/CVE-2022-38922-BluePage_CMS_3.9.md
- https://www.bluepage-cms.com/index.php
- https://www.iss-oberlausitz.de/index.php