This page lists publicly disclosed CVE vulnerabilities affecting boonex dolphin (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-27969 | Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "width" parameter. | [email protected] | 4.8 | 0.17% | 2021-03-23 | 2024-11-21 |
| CVE-2013-3638 | SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remote authenticated users to execute arbitrary SQL commands via the 'pathes' parameter in 'categories.php'. | [email protected] | 8.8 | 0.39% | 2020-02-06 | 2024-11-21 |
| CVE-2014-4333 | Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the members[] parameter, related to CVE-2014-3810. | [email protected] | 6.8 | 0.22% | 2014-06-19 | 2026-05-06 |
| CVE-2014-3810 | SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the members[] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-4333. | [email protected] | 6.5 | 0.36% | 2014-06-19 | 2026-05-06 |
| CVE-2012-0873 | Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or the (2) photos_only, (3) online_only, or (4) mode parameters to viewFriends.php. | [email protected] | 4.3 | 7.34% | 2012-02-23 | 2026-04-29 |
| CVE-2011-3728 | Dolphin 7.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/BxDolXMLRPCProfileView.php and certain other files. | [email protected] | 5.0 | 0.33% | 2011-09-23 | 2026-04-29 |
| CVE-2008-3167 | Multiple PHP remote file inclusion vulnerabilities in BoonEx Dolphin 6.1.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dir[plugins] parameter to (a) HTMLSax3.php and (b) safehtml.php in plugins/safehtml/ and the (2) sIncPath parameter to (c) ray/modules/global/inc/content.inc.php. NOTE: vector 1 might be a problem in SafeHTML instead of Dolphin. | [email protected] | 9.3 | 5.53% | 2008-07-14 | 2026-04-23 |
| CVE-2006-5410 | PHP remote file inclusion vulnerability in templates/tmpl_dfl/scripts/index.php in BoonEx Dolphin 5.2 allows remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter. NOTE: it is possible that this issue overlaps CVE-2006-4189. | [email protected] | 5.1 | 0.89% | 2006-10-20 | 2026-04-23 |
| CVE-2006-4189 | Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) index.php, (2) aemodule.php, (3) browse.php, (4) cc.php, (5) click.php, (6) faq.php, (7) gallery.php, (8) im.php, (9) inbox.php, (10) join_form.php, (11) logout.php, (12) messages_inbox.php, and many other scripts. | [email protected] | 5.1 | 5.68% | 2006-08-17 | 2026-04-16 |