2 matches found
CVE-2008-5167
CVE-2008-5167 is a PHP remote file inclusion vulnerability in Boonex Orca 2.0 and 2.0.2. The flaw occurs in layout/default/params.php when register_globals is enabled, allowing an attacker to provide a URL in the gConf[dir][layouts] parameter to execute arbitrary PHP code on the server. The NVD e...
CVE-2009-2919
Boonex Orca 2.0 and 2.0.2 are affected by an XSS vulnerability that allows remote authenticated users to inject arbitrary web script or HTML via the topic title field. Affected component: Boonex Orca (versions 2.0, 2.0.2). Root cause details are not provided in the documents. No remediation or ex...