dtssec/CVE-Disclosures

Unavailable

This project is no longer available (or publicly accessible) from GitHub

Releases0

Official Source of public vulnerability disclosures published by DTS Researchers

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-38922 ↗	Apr 3, 2023Monday, 3 April 2023, 15:15	9.8 CRITICAL	—
BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Header Cookie value allowing MySQL Injection in the 'users-cookie-settings' token using a Time-based blind SLEEP payload.
CVE-2022-38923 ↗	Apr 3, 2023Monday, 3 April 2023, 15:15	9.8 CRITICAL	—
BluePage CMS thru v3.9 processes an insufficiently sanitized HTTP Header allowing MySQL Injection in the 'User-Agent' field using a Time-based blind SLEEP payload.