cbcvebase.

Cpg-Nuke Dragonfly Cms vulnerabilities

4 known vulnerabilities affecting cpg-nuke/dragonfly_cms.

Total CVEs
4
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2006-0644P3HIGHCVSS 7.5PoCv9.0.6_.12006-02-10
CVE-2006-0644 [HIGH] CVE-2006-0644: Multiple directory traversal vulnerabilities in install.php in CPG-Nuke Dragonfly CMS (aka CPG Drago Multiple directory traversal vulnerabilities in install.php in CPG-Nuke Dragonfly CMS (aka CPG Dragonfly CMS) 9.0.6.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in (1) the newlang parameter and (2) the installlang parameter in a cookie, as demonstrated by using error.php to ins
nvd
CVE-2006-1033P4MEDIUMCVSS 4.3PoCv9.0.1.1v9.0.2.0+4 more2006-03-07
CVE-2006-1033 [MEDIUM] CVE-2006-1033: Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS before 9.0.6.1 allow remote att Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS before 9.0.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) uname, (2) error, (3) profile or (4) the username filed parameter to the (a) Your_Account module, (5) catid, (6) sid, (7) Story Text or (8) Extended text text fields in the (b) News module, (9) month, (10) y
nvd
CVE-2006-4162P4MEDIUMCVSS 6.8v9.0.1.1v9.0.2.0+5 more2006-08-16
CVE-2006-4162 [MEDIUM] CVE-2006-4162: Cross-site scripting (XSS) vulnerability in Dragonfly CMS 9.0.6.1 and earlier allows remote attacker Cross-site scripting (XSS) vulnerability in Dragonfly CMS 9.0.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search field.
nvd
CVE-2006-0726P4MEDIUMCVSS 4.3v9.0.6.12006-02-16
CVE-2006-0726 [MEDIUM] CVE-2006-0726: Cross-site scripting (XSS) vulnerability in linking.php in CPG-Nuke Dragonfly CMS 9.0.6.1 allows rem Cross-site scripting (XSS) vulnerability in linking.php in CPG-Nuke Dragonfly CMS 9.0.6.1 allows remote attackers to inject arbitrary web script or HTML via a URI that is generated when creating a list of online users.
nvd