Vulnerabilities > Boonex

DATE CVE VULNERABILITY TITLE RISK
2021-03-23 CVE-2021-27969 Cross-site Scripting vulnerability in Boonex Dolphin 7.4.2
Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "width" parameter.
network
boonex CWE-79
3.5
2020-02-06 CVE-2013-3638 SQL Injection vulnerability in Boonex Dolphin
SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remote authenticated users to execute arbitrary SQL commands via the 'pathes' parameter in 'categories.php'.
network
low complexity
boonex CWE-89
6.5
2014-06-19 CVE-2014-4333 Cross-Site Request Forgery (CSRF) vulnerability in Boonex Dolphin
Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the members[] parameter, related to CVE-2014-3810.
network
boonex CWE-352
6.8
2014-06-19 CVE-2014-3810 SQL Injection vulnerability in Boonex Dolphin
SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the members[] parameter.
network
low complexity
boonex CWE-89
6.5
2012-02-23 CVE-2012-0873 Cross-Site Scripting vulnerability in Boonex Dolphin
Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or the (2) photos_only, (3) online_only, or (4) mode parameters to viewFriends.php.
network
boonex CWE-79
4.3
2011-09-23 CVE-2011-3728 Information Exposure vulnerability in Boonex Dolphin 7.0.4
Dolphin 7.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/BxDolXMLRPCProfileView.php and certain other files.
network
low complexity
boonex CWE-200
5.0
2009-08-21 CVE-2009-2919 Cross-Site Scripting vulnerability in Boonex Orca 2.0/2.0.2
Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the topic title field.
network
boonex CWE-79
3.5
2008-11-19 CVE-2008-5167 Code Injection vulnerability in Boonex Orca 2.0/2.0.2
PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gConf[dir][layouts] parameter.
network
boonex CWE-94
critical
9.3
2008-07-14 CVE-2008-3167 Code Injection vulnerability in Boonex Dolphin 6.1.2
Multiple PHP remote file inclusion vulnerabilities in BoonEx Dolphin 6.1.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dir[plugins] parameter to (a) HTMLSax3.php and (b) safehtml.php in plugins/safehtml/ and the (2) sIncPath parameter to (c) ray/modules/global/inc/content.inc.php.
network
boonex CWE-94
critical
9.3
2008-07-14 CVE-2008-3166 Code Injection vulnerability in Boonex RAY 3.5
PHP remote file inclusion vulnerability in modules/global/inc/content.inc.php in BoonEx Ray 3.5, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sIncPath parameter.
network
boonex CWE-94
critical
9.3