CVE-2022-37113: Bluecms V1.6 has SQL injection in line 132 of admin/area.php · Issue #3 · seizer-zyx/Vulnerability

Bluecms 1.6 has SQL injection in line 132 of admin/area.php


Bluecms_v1.6 download:

http://lp.downcode.com/j_14/j_14745_bluecms.rar

vulnerability code:

in admin/area.php line 36:

Line 36 of admin/area.php is not heavily filtered, and the insert at line 47 allows injection.
Single quotes cannot be injected directly because the argument passed in is filtered by get_magic_quotes_gpc().
However, we found that the returned response header declares the charset GB2312.

So we can do wide-byte injection here
payload: area_name=0%df',0,0,0,0),(0,@@Version,0,0,0,0)%23&parentid=0&show_order=0&act=doadd

Successful injection!
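The mechanism the issue relies on, written up here as an added example (not code from the issue or from Bluecms): byte-level escaping in the style of addslashes()/magic_quotes_gpc() is undone when the database interprets the bytes as GB2312/GBK, because 0xDF followed by the inserted backslash 0x5C forms one two-byte character. The second function shows a charset-aware escape that decodes strictly and rejects byte sequences invalid in the declared charset, and the third is a simple access-log check for the lead-byte-then-quote pattern; all sample inputs are constructed.

```python
from urllib.parse import unquote_to_bytes


def addslashes(raw: bytes) -> bytes:
    """Byte-level escaping as PHP's addslashes()/magic_quotes_gpc does it:
    a backslash is put in front of ' " \\ and NUL, byte by byte."""
    out = bytearray()
    for b in raw:
        if b in (0x27, 0x22, 0x5C, 0x00):
            out.append(0x5C)
        out.append(b)
    return bytes(out)


def escaped_then_decoded(raw: bytes, charset: str = "gbk") -> str:
    """What the SQL layer sees when the escaped bytes are read as GBK.
    For b"0\\xdf'" the pair 0xDF 0x5C is consumed as one CJK character,
    so the quote that follows arrives without its backslash."""
    return addslashes(raw).decode(charset)


def charset_aware_escape(raw: bytes, charset: str = "gbk"):
    """Defensive counterpart: decode strictly first, escape at the character
    level, then re-encode. Returns None when the bytes are not valid in the
    declared charset (0xDF followed by 0x27 is not a legal GBK sequence),
    so such input is rejected instead of being forwarded to the database."""
    try:
        text = raw.decode(charset)
    except UnicodeDecodeError:
        return None
    # Backslash first, otherwise the backslashes added for quotes get doubled.
    for ch, rep in (("\\", "\\\\"), ("'", "\\'"), ('"', '\\"'), ("\0", "\\0")):
        text = text.replace(ch, rep)
    return text.encode(charset)


def flags_wide_byte_quote(query_string: str) -> bool:
    """Detection helper for web access logs: true when any URL-decoded
    parameter value has a multibyte lead byte (>= 0x81) immediately
    followed by a single or double quote byte."""
    for pair in query_string.split("&"):
        value = unquote_to_bytes(pair.partition("=")[2])
        for i in range(len(value) - 1):
            if value[i] >= 0x81 and value[i + 1] in (0x27, 0x22):
                return True
    return False


if __name__ == "__main__":
    # Constructed request fragment in the shape of the issue's parameter.
    print(repr(escaped_then_decoded(b"0\xdf'")))
    print(flags_wide_byte_quote("area_name=0%df%27&parentid=0"))
```

A proper fix in PHP terms is to use prepared statements (or at least mysql_set_charset() before a charset-aware escape), which is what the decode-then-escape function stands in for here.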
