Vulnerabilities > Boonex > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-06 | CVE-2013-3638 | SQL Injection vulnerability in Boonex Dolphin SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remote authenticated users to execute arbitrary SQL commands via the 'pathes' parameter in 'categories.php'. | 6.5 |
| 2014-06-19 | CVE-2014-4333 | Cross-Site Request Forgery (CSRF) vulnerability in Boonex Dolphin Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the members[] parameter, related to CVE-2014-3810. | 6.8 |
| 2014-06-19 | CVE-2014-3810 | SQL Injection vulnerability in Boonex Dolphin SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the members[] parameter. | 6.5 |
| 2012-02-23 | CVE-2012-0873 | Cross-Site Scripting vulnerability in Boonex Dolphin Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or the (2) photos_only, (3) online_only, or (4) mode parameters to viewFriends.php. | 4.3 |
| 2011-09-23 | CVE-2011-3728 | Information Exposure vulnerability in Boonex Dolphin 7.0.4 Dolphin 7.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/BxDolXMLRPCProfileView.php and certain other files. | 5.0 |
| 2006-10-20 | CVE-2006-5410 | Local File Include vulnerability in Boonex Dolphin 5.2 PHP remote file inclusion vulnerability in templates/tmpl_dfl/scripts/index.php in BoonEx Dolphin 5.2 allows remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter. | 5.1 |
| 2006-08-17 | CVE-2006-4189 | Remote File Include vulnerability in Boonex Dolphin 5.1 Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) index.php, (2) aemodule.php, (3) browse.php, (4) cc.php, (5) click.php, (6) faq.php, (7) gallery.php, (8) im.php, (9) inbox.php, (10) join_form.php, (11) logout.php, (12) messages_inbox.php, and many other scripts. | 5.1 |
| 2006-02-22 | CVE-2006-0833 | HTML Injection vulnerability in Boonex Barracuda Directory 1.1 Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Directory 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) Add URL and (2) Suggest Category module. network boonex | 4.3 |