Vulnerabilities > Blueriver
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-26 | CVE-2018-7486 | Path Traversal vulnerability in Blueriver Muracms Blue River Mura CMS before v7.0.7029 supports inline function calls with an [m] tag and [/m] end tag, without proper restrictions on file types or pathnames, which allows remote attackers to execute arbitrary code via an [m]$.dspinclude("../pathname/executable.jpeg")[/m] approach, where executable.jpeg contains ColdFusion Markup Language code. | 6.5 |
| 2017-04-27 | CVE-2017-8302 | Cross-site Scripting vulnerability in Blueriver Muracms 7.0.6967 Mura CMS 7.0.6967 allows admin/?muraAction= XSS attacks, related to admin/core/views/carch/list.cfm, admin/core/views/carch/loadsiteflat.cfm, admin/core/views/cusers/inc/dsp_nextn.cfm, admin/core/views/cusers/inc/dsp_search_form.cfm, admin/core/views/cusers/inc/dsp_users_list.cfm, admin/core/views/cusers/list.cfm, and admin/core/views/cusers/listusers.cfm. | 3.5 |
| 2010-09-29 | CVE-2010-3468 | Path Traversal vulnerability in Blueriver Mura CMS and Sava CMS Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 before 5.1.498 and 5.2 before 5.2.2809, and Sava CMS 5 through 5.2, allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2009-03-06 | CVE-2008-6434 | SQL Injection vulnerability in Blueriver Sava CMS SQL injection vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to execute arbitrary SQL commands via the LinkServID parameter. | 7.5 |
| 2009-03-06 | CVE-2008-6433 | Cross-Site Scripting vulnerability in Blueriver Sava CMS Cross-site scripting (XSS) vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action. | 4.3 |