CVE Tools

boonex

Web & CMS Pluginscommercial

11

Cumulative CVEs

9

Monthly snapshots

#48

Peak rank

Top products

Latest CVEs

The 14 most recently published vulnerabilities affecting boonex.

CVE-2021-27969Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "width" parameter.4.8Mar 23, 2021
CVE-2013-3638SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remote authenticated users to execute arbitrary SQL commands via the 'pathes' parameter in 'categories.php'.8.8Feb 6, 2020
CVE-2014-3810SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the members[] paramet...6.5Jun 19, 2014
CVE-2014-4333Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that ...6.8Jun 19, 2014
CVE-2012-0873Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or ...4.3Feb 23, 2012
CVE-2011-3728Dolphin 7.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/BxDolXM...5.0Sep 23, 2011
CVE-2009-2919Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the topic title field.3.5Aug 21, 2009
CVE-2008-5167PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL ...9.3Nov 19, 2008
CVE-2008-3167Multiple PHP remote file inclusion vulnerabilities in BoonEx Dolphin 6.1.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dir[plugins] ...9.3Jul 14, 2008
CVE-2008-3166PHP remote file inclusion vulnerability in modules/global/inc/content.inc.php in BoonEx Ray 3.5, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in...9.3Jul 14, 2008
CVE-2006-5410PHP remote file inclusion vulnerability in templates/tmpl_dfl/scripts/index.php in BoonEx Dolphin 5.2 allows remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter. NOT...5.1Oct 20, 2006
CVE-2006-4189Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) index.php, (2) aemodule.php, (3) br...5.1Aug 17, 2006
CVE-2006-2133SQL injection vulnerability in index.php in BoonEx Barracuda 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) link_dir_target and (2) link_id_target parameter, ...7.5May 1, 2006
CVE-2006-0833Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Directory 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) Add URL and (2) Sugge...4.3Feb 22, 2006