Vulnerabilities > Boonex
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-23 | CVE-2021-27969 | Cross-site Scripting vulnerability in Boonex Dolphin 7.4.2 Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "width" parameter. | 3.5 |
| 2020-02-06 | CVE-2013-3638 | SQL Injection vulnerability in Boonex Dolphin SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remote authenticated users to execute arbitrary SQL commands via the 'pathes' parameter in 'categories.php'. | 6.5 |
| 2014-06-19 | CVE-2014-4333 | Cross-Site Request Forgery (CSRF) vulnerability in Boonex Dolphin Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the members[] parameter, related to CVE-2014-3810. | 6.8 |
| 2014-06-19 | CVE-2014-3810 | SQL Injection vulnerability in Boonex Dolphin SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the members[] parameter. | 6.5 |
| 2012-02-23 | CVE-2012-0873 | Cross-Site Scripting vulnerability in Boonex Dolphin Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or the (2) photos_only, (3) online_only, or (4) mode parameters to viewFriends.php. | 4.3 |
| 2011-09-23 | CVE-2011-3728 | Information Exposure vulnerability in Boonex Dolphin 7.0.4 Dolphin 7.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/BxDolXMLRPCProfileView.php and certain other files. | 5.0 |
| 2009-08-21 | CVE-2009-2919 | Cross-Site Scripting vulnerability in Boonex Orca 2.0/2.0.2 Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the topic title field. | 3.5 |
| 2008-11-19 | CVE-2008-5167 | Code Injection vulnerability in Boonex Orca 2.0/2.0.2 PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the gConf[dir][layouts] parameter. | 9.3 |
| 2008-07-14 | CVE-2008-3167 | Code Injection vulnerability in Boonex Dolphin 6.1.2 Multiple PHP remote file inclusion vulnerabilities in BoonEx Dolphin 6.1.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dir[plugins] parameter to (a) HTMLSax3.php and (b) safehtml.php in plugins/safehtml/ and the (2) sIncPath parameter to (c) ray/modules/global/inc/content.inc.php. | 9.3 |
| 2008-07-14 | CVE-2008-3166 | Code Injection vulnerability in Boonex RAY 3.5 PHP remote file inclusion vulnerability in modules/global/inc/content.inc.php in BoonEx Ray 3.5, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sIncPath parameter. | 9.3 |