Summary
Detail | | | |
---|---|---|---|
Vendor | Boonex | First view | 2006-08-16 |
Product | Dolphin | Last view | 2021-03-23 |
Version | | Type | |
Update | | | |
Edition | | | |
Language | | | |
Software Edition | | | |
Target Software | | | |
Target Hardware | | | |
Other | | | |
Related : CVE
CVSS | Date | Alert | Description |
---|---|---|---|
4.8 | 2021-03-23 | CVE-2021-27969 | Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "width" parameter. |
8.8 | 2020-02-06 | CVE-2013-3638 | SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remote authenticated users to execute arbitrary SQL commands via the 'pathes' parameter in 'categories.php'. |
6.8 | 2014-06-19 | CVE-2014-4333 | Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the members[] parameter, related to CVE-2014-3810. |
6.5 | 2014-06-19 | CVE-2014-3810 | SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the members[] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-4333. |
4.3 | 2012-02-23 | CVE-2012-0873 | Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or the (2) photos_only, (3) online_only, or (4) mode parameters to viewFriends.php. |
5 | 2011-09-23 | CVE-2011-3728 | Dolphin 7.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/BxDolXMLRPCProfileView.php and certain other files. |
9.3 | 2008-07-14 | CVE-2008-3167 | Multiple PHP remote file inclusion vulnerabilities in BoonEx Dolphin 6.1.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dir[plugins] parameter to (a) HTMLSax3.php and (b) safehtml.php in plugins/safehtml/ and the (2) sIncPath parameter to (c) ray/modules/global/inc/content.inc.php. NOTE: vector 1 might be a problem in SafeHTML instead of Dolphin. |
5.1 | 2006-10-20 | CVE-2006-5410 | PHP remote file inclusion vulnerability in templates/tmpl_dfl/scripts/index.php in BoonEx Dolphin 5.2 allows remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter. NOTE: it is possible that this issue overlaps CVE-2006-4189. |
5.1 | 2006-08-16 | CVE-2006-4189 | Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) index.php, (2) aemodule.php, (3) browse.php, (4) cc.php, (5) click.php, (6) faq.php, (7) gallery.php, (8) im.php, (9) inbox.php, (10) join_form.php, (11) logout.php, (12) messages_inbox.php, and many other scripts. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
28% (2) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
28% (2) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
14% (1) | CWE-352 | Cross-Site Request Forgery (CSRF) |
14% (1) | CWE-200 | Information Exposure |
14% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
75764 | Dolphin Multiple Script Direct Request Path Disclosure |
46862 | SafeHTML safehtml.php dir[plugins] Parameter Remote File Inclusion |
46861 | SafeHTML HTMLSax3.php dir[plugins] Parameter Remote File Inclusion |
31004 | Dolphin index.php dir[inc] Parameter Remote File Inclusion |
28530 | Dolphin vkiss.php dir[inc] Parameter Remote File Inclusion |
28529 | Dolphin video_pop.php dir[inc] Parameter Remote File Inclusion |
28528 | Dolphin unregister.php dir[inc] Parameter Remote File Inclusion |
28527 | Dolphin terms_of_use.php dir[inc] Parameter Remote File Inclusion |
28526 | Dolphin tellfriend.php dir[inc] Parameter Remote File Inclusion |
28525 | Dolphin story_view.php dir[inc] Parameter Remote File Inclusion |
28524 | Dolphin story.php dir[inc] Parameter Remote File Inclusion |
28523 | Dolphin stories.php dir[inc] Parameter Remote File Inclusion |
28522 | Dolphin sound_pop.php dir[inc] Parameter Remote File Inclusion |
28521 | Dolphin shoutbox.php dir[inc] Parameter Remote File Inclusion |
28520 | Dolphin service.php dir[inc] Parameter Remote File Inclusion |
28519 | Dolphin search_result.php dir[inc] Parameter Remote File Inclusion |
28518 | Dolphin search.php dir[inc] Parameter Remote File Inclusion |
28517 | Dolphin sdating.php dir[inc] Parameter Remote File Inclusion |
28516 | Dolphin result.php dir[inc] Parameter Remote File Inclusion |
28515 | Dolphin rate.php dir[inc] Parameter Remote File Inclusion |
28514 | Dolphin profile_video.php dir[inc] Parameter Remote File Inclusion |
28513 | Dolphin profile_sound.php dir[inc] Parameter Remote File Inclusion |
28512 | Dolphin profile_photos.php dir[inc] Parameter Remote File Inclusion |
28511 | Dolphin profile_edit.php dir[inc] Parameter Remote File Inclusion |
28510 | Dolphin profile_customize.php dir[inc] Parameter Remote File Inclusion |
OpenVAS Exploits
Date | Description |
---|---|
2011-09-30 | Name : Dolphin '.php' Files Information Disclosure Vulnerability File : nvt/secpod_dolphin_php_info_disc_vuln.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-16 | BoonEx Dolphin 6.1.2 remote file include attempt RuleID : 28944 - Type : SERVER-WEBAPP - Revision : 3 |
2014-01-16 | BoonEx Dolphin 6.1.2 remote file include attempt RuleID : 28943 - Type : SERVER-WEBAPP - Revision : 3 |
2014-01-16 | BoonEx Dolphin 6.1.2 remote file include attempt RuleID : 28942 - Type : SERVER-WEBAPP - Revision : 3 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-07-09 | Name: The remote web server contains a PHP application that is affected by multiple... File: dolphin_file_includes.nasl - Type: ACT_ATTACK |