CVE-2010-4897 Information

Description

SQL injection vulnerability in comment.php in BlueCMS 1.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header in a send action.

Reference

http://bbs.wolvez.org/viewtopic.php?id=148 http://osvdb.org/67822 http://secunia.com/advisories/41255