This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Boonex
Product: Dolphin
First view: 2006-08-16
Last view: 2021-03-23
Version:
Type:
Update:
Edition:
Language:
Software Edition:
Target Software:
Target Hardware:
Other:

COMMON PLATFORM ENUMERATION: Distribution per Version

CPE Name Affected CVE
cpe:2.3:a:boonex:dolphin:5.2:*:*:*:*:*:*:* 5
cpe:2.3:a:boonex:dolphin:6.1.2:*:*:*:*:*:*:* 5
cpe:2.3:a:boonex:dolphin:7.0.4:*:*:*:*:*:*:* 5
cpe:2.3:a:boonex:dolphin:5.1:*:*:*:*:*:*:* 5
cpe:2.3:a:boonex:dolphin:*:*:*:*:*:*:*:* 4
cpe:2.3:a:boonex:dolphin:7.0.7:*:*:*:*:*:*:* 4
cpe:2.3:a:boonex:dolphin:7.0.1:*:*:*:*:*:*:* 4
cpe:2.3:a:boonex:dolphin:7.0.2:*:*:*:*:*:*:* 4
cpe:2.3:a:boonex:dolphin:7.0.0:*:*:*:*:*:*:* 4
cpe:2.3:a:boonex:dolphin:7.0.6:*:*:*:*:*:*:* 4
cpe:2.3:a:boonex:dolphin:7.0.5:*:*:*:*:*:*:* 4
cpe:2.3:a:boonex:dolphin:7.0.3:*:*:*:*:*:*:* 4
cpe:2.3:a:boonex:dolphin:7.0.3:beta:*:*:*:*:*:* 4
cpe:2.3:a:boonex:dolphin:7.0.8:*:*:*:*:*:*:* 3
cpe:2.3:a:boonex:dolphin:7.1.0:*:*:*:*:*:*:* 3
cpe:2.3:a:boonex:dolphin:7.1.0:b2:*:*:*:*:*:* 3
cpe:2.3:a:boonex:dolphin:7.1.0:b1:*:*:*:*:*:* 3
cpe:2.3:a:boonex:dolphin:7.0.9:*:*:*:*:*:*:* 3
cpe:2.3:a:boonex:dolphin:7.1.2:*:*:*:*:*:*:* 3
cpe:2.3:a:boonex:dolphin:7.1.1:*:*:*:*:*:*:* 3
cpe:2.3:a:boonex:dolphin:7.1.3:*:*:*:*:*:*:* 2
cpe:2.3:a:boonex:dolphin:7.4.2:*:*:*:*:*:*:* 1

Related : CVE

CVSS Date Alert Description
4.8 2021-03-23 CVE-2021-27969

Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "width" parameter.

8.8 2020-02-06 CVE-2013-3638

SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remote authenticated users to execute arbitrary SQL commands via the 'pathes' parameter in 'categories.php'.

6.8 2014-06-19 CVE-2014-4333

Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the members[] parameter, related to CVE-2014-3810.

6.5 2014-06-19 CVE-2014-3810

SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the members[] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-4333.

4.3 2012-02-23 CVE-2012-0873

Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or the (2) photos_only, (3) online_only, or (4) mode parameters to viewFriends.php.

5 2011-09-23 CVE-2011-3728

Dolphin 7.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/BxDolXMLRPCProfileView.php and certain other files.

9.3 2008-07-14 CVE-2008-3167

Multiple PHP remote file inclusion vulnerabilities in BoonEx Dolphin 6.1.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dir[plugins] parameter to (a) HTMLSax3.php and (b) safehtml.php in plugins/safehtml/ and the (2) sIncPath parameter to (c) ray/modules/global/inc/content.inc.php. NOTE: vector 1 might be a problem in SafeHTML instead of Dolphin.

5.1 2006-10-20 CVE-2006-5410

PHP remote file inclusion vulnerability in templates/tmpl_dfl/scripts/index.php in BoonEx Dolphin 5.2 allows remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter. NOTE: it is possible that this issue overlaps CVE-2006-4189.

5.1 2006-08-16 CVE-2006-4189

Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) index.php, (2) aemodule.php, (3) browse.php, (4) cc.php, (5) click.php, (6) faq.php, (7) gallery.php, (8) im.php, (9) inbox.php, (10) join_form.php, (11) logout.php, (12) messages_inbox.php, and many other scripts.

CWE : Common Weakness Enumeration

% id Name
28% (2) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...
28% (2) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
14% (1) CWE-352 Cross-Site Request Forgery (CSRF)
14% (1) CWE-200 Information Exposure
14% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')

Open Source Vulnerability Database (OSVDB)

This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
75764 Dolphin Multiple Script Direct Request Path Disclosure
46862 SafeHTML safehtml.php dir[plugins] Parameter Remote File Inclusion
46861 SafeHTML HTMLSax3.php dir[plugins] Parameter Remote File Inclusion
31004 Dolphin index.php dir[inc] Parameter Remote File Inclusion
28530 Dolphin vkiss.php dir[inc] Parameter Remote File Inclusion
28529 Dolphin video_pop.php dir[inc] Parameter Remote File Inclusion
28528 Dolphin unregister.php dir[inc] Parameter Remote File Inclusion
28527 Dolphin terms_of_use.php dir[inc] Parameter Remote File Inclusion
28526 Dolphin tellfriend.php dir[inc] Parameter Remote File Inclusion
28525 Dolphin story_view.php dir[inc] Parameter Remote File Inclusion
28524 Dolphin story.php dir[inc] Parameter Remote File Inclusion
28523 Dolphin stories.php dir[inc] Parameter Remote File Inclusion
28522 Dolphin sound_pop.php dir[inc] Parameter Remote File Inclusion
28521 Dolphin shoutbox.php dir[inc] Parameter Remote File Inclusion
28520 Dolphin service.php dir[inc] Parameter Remote File Inclusion
28519 Dolphin search_result.php dir[inc] Parameter Remote File Inclusion
28518 Dolphin search.php dir[inc] Parameter Remote File Inclusion
28517 Dolphin sdating.php dir[inc] Parameter Remote File Inclusion
28516 Dolphin result.php dir[inc] Parameter Remote File Inclusion
28515 Dolphin rate.php dir[inc] Parameter Remote File Inclusion
28514 Dolphin profile_video.php dir[inc] Parameter Remote File Inclusion
28513 Dolphin profile_sound.php dir[inc] Parameter Remote File Inclusion
28512 Dolphin profile_photos.php dir[inc] Parameter Remote File Inclusion
28511 Dolphin profile_edit.php dir[inc] Parameter Remote File Inclusion
28510 Dolphin profile_customize.php dir[inc] Parameter Remote File Inclusion

OpenVAS Exploits

Date Description
2011-09-30 Name : Dolphin '.php' Files Information Disclosure Vulnerability
File : nvt/secpod_dolphin_php_info_disc_vuln.nasl

Snort® IPS/IDS

Date Description
2014-01-16 BoonEx Dolphin 6.1.2 remote file include attempt
RuleID : 28944 - Type : SERVER-WEBAPP - Revision : 3
2014-01-16 BoonEx Dolphin 6.1.2 remote file include attempt
RuleID : 28943 - Type : SERVER-WEBAPP - Revision : 3
2014-01-16 BoonEx Dolphin 6.1.2 remote file include attempt
RuleID : 28942 - Type : SERVER-WEBAPP - Revision : 3

Nessus® Vulnerability Scanner

Date Description
2008-07-09 Name: The remote web server contains a PHP application that is affected by multiple...
File: dolphin_file_includes.nasl - Type: ACT_ATTACK