cbcvebase.

Dream4 Koobi Pro vulnerabilities

4 known vulnerabilities affecting dream4/koobi_pro.

Total CVEs
4
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM1LOW1

Vulnerabilities

Page 1 of 1
CVE-2008-1122P3HIGHCVSS 7.5PoCv5.72008-03-03
CVE-2008-1122 [HIGH] CWE-89 CVE-2008-1122: SQL injection vulnerability in the downloads module in Koobi Pro 5.7 allows remote attackers to exec SQL injection vulnerability in the downloads module in Koobi Pro 5.7 allows remote attackers to execute arbitrary SQL commands via the categ parameter to index.php. NOTE: it was later reported that this also affects Koobi CMS 4.2.4, 4.2.5, and 4.3.0.
nvd
CVE-2006-3621P3HIGHCVSS 7.5PoCv5.62006-07-18
CVE-2006-3621 [HIGH] CVE-2006-3621: SQL injection vulnerability in the showtopic module in Koobi Pro CMS 5.6 allows remote attackers to SQL injection vulnerability in the showtopic module in Koobi Pro CMS 5.6 allows remote attackers to execute arbitrary SQL commands via the toid parameter.
nvd
CVE-2006-3622P4MEDIUMCVSS 5.0v5.62006-07-18
CVE-2006-3622 [MEDIUM] CVE-2006-3622: The showtopic module in Koobi Pro CMS 5.6 allows remote attackers to obtain sensitive information vi The showtopic module in Koobi Pro CMS 5.6 allows remote attackers to obtain sensitive information via a ' (single quote) in the p parameter, which displays the path in an error message. NOTE: it is not clear whether this is SQL injection or a forced SQL error.
nvd
CVE-2006-3620P4LOWCVSS 2.6v5.62006-07-18
CVE-2006-3620 [LOW] CVE-2006-3620: Cross-site scripting (XSS) vulnerability in the showtopic module in Koobi Pro CMS 5.6 allows remote Cross-site scripting (XSS) vulnerability in the showtopic module in Koobi Pro CMS 5.6 allows remote attackers to inject arbitrary web script or HTML via the toid parameter.
nvd
Dream4 Koobi Pro vulnerabilities | cvebase