CVE-2022-38922

Published April 3rd, 2023

View on NVD ↗

CVSS v3

9.8

CRITICAL

CVSS v2

N/A

Affected

PROJECT

Description

BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Header Cookie value allowing MySQL Injection in the 'users-cookie-settings' token using a Time-based blind SLEEP payload.

dtssec/CVE-DisclosuresUNAVAILABLE

Official Source of public vulnerability disclosures published by DTS Researchers

GitHub