CVE Tools

dream4

Web & CMS Pluginsunknown

10

Cumulative CVEs

7

Monthly snapshots

#28

Peak rank

Top products

Latest CVEs

The 11 most recently published vulnerabilities affecting dream4.

CVE-2008-6210SQL injection vulnerability in index.php in dream4 Koobi 4.4 and 5.4 allows remote attackers to execute arbitrary SQL commands via the img_id parameter in the gallerypic page.7.5Feb 20, 2009
CVE-2008-4778SQL injection vulnerability in the gallery module in Koobi CMS 4.3.0 allows remote attackers to execute arbitrary SQL commands via the galid parameter in a showimages action.7.5Oct 29, 2008
CVE-2008-2036SQL injection vulnerability in index.php in dream4 Koobi Pro 6.25 allows remote attackers to execute arbitrary SQL commands via the poll_id parameter in a poll action.7.5Apr 30, 2008
CVE-2008-1122SQL injection vulnerability in the downloads module in Koobi Pro 5.7 allows remote attackers to execute arbitrary SQL commands via the categ parameter to index.php. NOTE: it was later reported tha...7.5Mar 3, 2008
CVE-2006-3622The showtopic module in Koobi Pro CMS 5.6 allows remote attackers to obtain sensitive information via a ' (single quote) in the p parameter, which displays the path in an error message. NOTE: it i...5.0Jul 14, 2006
CVE-2006-3621SQL injection vulnerability in the showtopic module in Koobi Pro CMS 5.6 allows remote attackers to execute arbitrary SQL commands via the toid parameter.7.5Jul 14, 2006
CVE-2006-3620Cross-site scripting (XSS) vulnerability in the showtopic module in Koobi Pro CMS 5.6 allows remote attackers to inject arbitrary web script or HTML via the toid parameter.2.6Jul 14, 2006
CVE-2005-4588Cross-site scripting (XSS) vulnerability in Koobi 5 allows remote attackers to inject arbitrary web script or HTML via nested, malformed url BBCode tags. NOTE: the provenance of this information i...4.3Dec 30, 2005
CVE-2005-1373Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi CMS 4.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) q or (2) p parameters.7.5May 2, 2005
CVE-2005-0890SQL injection vulnerability in Dream4 Koobi CMS 4.2.3 allows remote attackers to execute arbitrary SQL commands via the area parameter.7.5Mar 26, 2005
CVE-2005-0889Cross-site scripting (XSS) vulnerability in index.php for Dream4 Koobi CMS 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the area parameter.4.3Mar 26, 2005