4 matches found
CVE-2006-2392
CVE-2006-2392 describes a PHP remote file inclusion vulnerability in the public_includes/pub_popup/popup_finduser.php of PHP Blue Dragon Platinum 2.8.0 . The flaw permits remote attackers to execute arbitrary PHP code by supplying an attacker-controlled URL in the vsDragonRootPath parameter. This...
CVE-2006-4960
The CVE-2006-4960 entry describes a cross-site scripting (XSS) vulnerability in Php Blue Dragon 2.9.1 and earlier, exploitable via the m parameter. The issue is reflected in an error message generated by a failed SQL query, indicating that user-supplied input can be echoed back to the browser in ...
CVE-2006-4961
CVE-2006-4961 affects Php Blue Dragon 2.9.1 and earlier. The vulnerability resides in the GetModuleConfig function inside public_includes/pub_kernel/pbd_modules.php, where the m parameter to index.php leads to a SQL injection that allows remote attackers to execute arbitrary SQL commands. The pro...
CVE-2006-4962
A directory traversal vulnerability affects Php Blue Dragon ≤ 2.9.1 in pbd_engine.php. An attacker can use a .. sequence in the phpExt parameter to read and execute local files, demonstrated by executing PHP code in a log file. The CVE details do not specify affected patch versions beyond the lis...