cbcvebase.

Boonex Dolphin vulnerabilities

9 known vulnerabilities affecting boonex/dolphin.

Total CVEs
9
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM7

Vulnerabilities

Page 1 of 1
CVE-2008-3167P3CRITICALCVSS 9.3PoCv6.1.22008-07-14
CVE-2008-3167 [CRITICAL] CWE-94 CVE-2008-3167: Multiple PHP remote file inclusion vulnerabilities in BoonEx Dolphin 6.1.2, when register_globals is Multiple PHP remote file inclusion vulnerabilities in BoonEx Dolphin 6.1.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dir[plugins] parameter to (a) HTMLSax3.php and (b) safehtml.php in plugins/safehtml/ and the (2) sIncPath parameter to (c) ray/modules/global/inc/content.inc.php. NOTE:
nvd
CVE-2013-3638P3HIGHCVSS 8.8fixed in 7.1.32020-02-06
CVE-2013-3638 [HIGH] CWE-89 CVE-2013-3638: SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remote authenticated users to exec SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remote authenticated users to execute arbitrary SQL commands via the 'pathes' parameter in 'categories.php'.
nvd
CVE-2012-0873P4MEDIUMCVSS 4.3PoC≤ 7.0.7v5.1+9 more2012-02-23
CVE-2012-0873 [MEDIUM] CWE-79 CVE-2012-0873: Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote atta Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or the (2) photos_only, (3) online_only, or (4) mode parameters to viewFriends.php.
nvd
CVE-2014-3810P3MEDIUMCVSS 6.5≤ 7.1.4v7.0.0+13 more2014-06-19
CVE-2014-3810 [MEDIUM] CWE-89 CVE-2014-3810: SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allow SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the members[] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-4333.
nvd
CVE-2006-4189P4MEDIUMCVSS 5.1v5.12006-08-17
CVE-2006-4189 [MEDIUM] CVE-2006-4189: Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) index.php, (2) aemodule.php, (3) browse.php, (4) cc.php, (5) click.php, (6) faq.php, (7) gallery.php, (8) im.php, (9) inbox.php, (10) join_form.php, (11) logout.php, (12) messages_inbox.php, and many
nvd
CVE-2014-4333P4MEDIUMCVSS 6.8≤ 7.1.4v7.0.0+13 more2014-06-19
CVE-2014-4333 [MEDIUM] CVE-2014-4333: Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the members[] parameter, related to CVE-2014-3810.
nvd
CVE-2006-5410P4MEDIUMCVSS 5.1v5.22006-10-20
CVE-2006-5410 [MEDIUM] CVE-2006-5410: PHP remote file inclusion vulnerability in templates/tmpl_dfl/scripts/index.php in BoonEx Dolphin 5. PHP remote file inclusion vulnerability in templates/tmpl_dfl/scripts/index.php in BoonEx Dolphin 5.2 allows remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter. NOTE: it is possible that this issue overlaps CVE-2006-4189.
nvd
CVE-2021-27969P4MEDIUMCVSS 4.8v7.4.22021-03-23
CVE-2021-27969 [MEDIUM] CWE-79 CVE-2021-27969: Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "width" parameter. Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "width" parameter.
nvd
CVE-2011-3728P4MEDIUMCVSS 5.0v7.0.42011-09-23
CVE-2011-3728 [MEDIUM] CWE-200 CVE-2011-3728: Dolphin 7.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php Dolphin 7.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/BxDolXMLRPCProfileView.php and certain other files.
nvd
Boonex Dolphin vulnerabilities | cvebase