Dolphin Security Vulnerabilities and Issues — Dolphin CVE List

Lucene search

BoonexDolphin

9 matches found

CVE•added 2020/02/06 10:15 p.m.•77 views

CVE-2013-3638

SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remote authenticated users to execute arbitrary SQL commands via the 'pathes' parameter in 'categories.php'.

8.8CVSS8.8AI score0.0039EPSS

Web

CVE•added 2011/09/23 11:55 p.m.•44 views

CVE-2011-3728

Dolphin 7.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/BxDolXMLRPCProfileView.php and certain other files.

5CVSS6.3AI score0.00283EPSS

CVE•added 2012/02/23 8:7 p.m.•43 views

CVE-2012-0873

Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or the (2) photos_only, (3) online_only, or (4) mode parameters to viewFriends.php.

4.3CVSS5.9AI score0.09782EPSS

Web

CVE•added 2006/08/17 1:4 a.m.•40 views

CVE-2006-4189

Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) index.php, (2) aemodule.php, (3) browse.php, (4) cc.php, (5) click.php, (6) faq.php, (7) gallery.php, (8) im.php, (9) inbox.php, (10) joi...

5.1CVSS7.6AI score0.03507EPSS

CVE•added 2014/06/19 2:55 p.m.•36 views

CVE-2014-3810

SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the members[] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-4333.

6.5CVSS8AI score0.00355EPSS

Web

CVE•added 2008/07/14 11:41 p.m.•33 views

CVE-2008-3167

Multiple PHP remote file inclusion vulnerabilities in BoonEx Dolphin 6.1.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dir[plugins] parameter to (a) HTMLSax3.php and (b) safehtml.php in plugins/safehtml/ and the (2) sIncPath parameter...

9.3CVSS7.6AI score0.04147EPSS

Web

CVE•added 2014/06/19 2:55 p.m.•33 views

CVE-2014-4333

Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the members[] parameter, related to CVE-2014-3810.

6.8CVSS8AI score0.00355EPSS

Web

CVE•added 2006/10/20 2:7 p.m.•32 views

CVE-2006-5410

PHP remote file inclusion vulnerability in templates/tmpl_dfl/scripts/index.php in BoonEx Dolphin 5.2 allows remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter. NOTE: it is possible that this issue overlaps CVE-2006-4189.

5.1CVSS7.5AI score0.03507EPSS

Web

CVE•added 2021/03/23 2:15 p.m.•29 views

CVE-2021-27969

Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "width" parameter.

4.8CVSS4.7AI score0.00207EPSS