Dream4 Koobi Pro vulnerabilities
4 known vulnerabilities affecting dream4/koobi_pro.
Total CVEs
4
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM1LOW1
Vulnerabilities
Page 1 of 1
CVE-2008-1122P3HIGHCVSS 7.5PoCv5.72008-03-03
CVE-2008-1122 [HIGH] CWE-89 CVE-2008-1122: SQL injection vulnerability in the downloads module in Koobi Pro 5.7 allows remote attackers to exec
SQL injection vulnerability in the downloads module in Koobi Pro 5.7 allows remote attackers to execute arbitrary SQL commands via the categ parameter to index.php. NOTE: it was later reported that this also affects Koobi CMS 4.2.4, 4.2.5, and 4.3.0.
nvd
CVE-2006-3621P3HIGHCVSS 7.5PoCv5.62006-07-18
CVE-2006-3621 [HIGH] CVE-2006-3621: SQL injection vulnerability in the showtopic module in Koobi Pro CMS 5.6 allows remote attackers to
SQL injection vulnerability in the showtopic module in Koobi Pro CMS 5.6 allows remote attackers to execute arbitrary SQL commands via the toid parameter.
nvd
CVE-2006-3622P4MEDIUMCVSS 5.0v5.62006-07-18
CVE-2006-3622 [MEDIUM] CVE-2006-3622: The showtopic module in Koobi Pro CMS 5.6 allows remote attackers to obtain sensitive information vi
The showtopic module in Koobi Pro CMS 5.6 allows remote attackers to obtain sensitive information via a ' (single quote) in the p parameter, which displays the path in an error message. NOTE: it is not clear whether this is SQL injection or a forced SQL error.
nvd
CVE-2006-3620P4LOWCVSS 2.6v5.62006-07-18
CVE-2006-3620 [LOW] CVE-2006-3620: Cross-site scripting (XSS) vulnerability in the showtopic module in Koobi Pro CMS 5.6 allows remote
Cross-site scripting (XSS) vulnerability in the showtopic module in Koobi Pro CMS 5.6 allows remote attackers to inject arbitrary web script or HTML via the toid parameter.
nvd