Blue Dragon Php Blue Dragon vulnerabilities
4 known vulnerabilities affecting blue_dragon/php_blue_dragon.
Total CVEs
4
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2006-2392P3MEDIUMCVSS 6.4PoCvplatinum_2.8.02006-05-16
CVE-2006-2392 [MEDIUM] CVE-2006-2392: PHP remote file inclusion vulnerability in public_includes/pub_popup/popup_finduser.php in PHP Blue
PHP remote file inclusion vulnerability in public_includes/pub_popup/popup_finduser.php in PHP Blue Dragon Platinum 2.8.0 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter.
nvd
CVE-2006-4961P3HIGHCVSS 7.5PoCvplatinum_2.8.0vplatinum_2.9.12006-09-23
CVE-2006-4961 [HIGH] CVE-2006-4961: SQL injection vulnerability in the GetModuleConfig function in public_includes/pub_kernel/pbd_module
SQL injection vulnerability in the GetModuleConfig function in public_includes/pub_kernel/pbd_modules.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter to index.php.
nvd
CVE-2006-4962P3MEDIUMCVSS 6.4PoCvplatinum_2.8.0vplatinum_2.9.12006-09-23
CVE-2006-4962 [MEDIUM] CVE-2006-4962: Directory traversal vulnerability in pbd_engine.php in Php Blue Dragon 2.9.1 and earlier allows remo
Directory traversal vulnerability in pbd_engine.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence via the phpExt parameter, as demonstrated by executing PHP code in a log file.
nvd
CVE-2006-4960P4MEDIUMCVSS 6.8PoCvplatinum_2.8.0vplatinum_2.9.12006-09-23
CVE-2006-4960 [MEDIUM] CVE-2006-4960: Cross-site scripting (XSS) vulnerability in index.php Php Blue Dragon 2.9.1 and earlier allows remot
Cross-site scripting (XSS) vulnerability in index.php Php Blue Dragon 2.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the m parameter, which is reflected in an error message resulting from a failed SQL query.
nvd