Aggregates CVE and security vulnerability intelligence across all dream4-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk sql injection and vendor risk cross-site scripting and related problems; some flaws may lead to vendor impact data exposure, affecting vendor surface software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2008-6210 | SQL injection vulnerability in index.php in dream4 Koobi 4.4 and 5.4 allows remote attackers to execute arbitrary SQL commands via the img_id parameter in the gallerypic page. | [email protected] | 7.5 | 0.97% | 2009-02-20 | 2026-04-23 |
| CVE-2008-4778 | SQL injection vulnerability in the gallery module in Koobi CMS 4.3.0 allows remote attackers to execute arbitrary SQL commands via the galid parameter in a showimages action. | [email protected] | 7.5 | 1.05% | 2008-10-29 | 2026-04-23 |
| CVE-2008-2036 | SQL injection vulnerability in index.php in dream4 Koobi Pro 6.25 allows remote attackers to execute arbitrary SQL commands via the poll_id parameter in a poll action. | [email protected] | 7.5 | 1.19% | 2008-04-30 | 2026-04-23 |
| CVE-2008-1122 | SQL injection vulnerability in the downloads module in Koobi Pro 5.7 allows remote attackers to execute arbitrary SQL commands via the categ parameter to index.php. NOTE: it was later reported that this also affects Koobi CMS 4.2.4, 4.2.5, and 4.3.0. | [email protected] | 7.5 | 1.00% | 2008-03-03 | 2026-04-23 |
| CVE-2006-3622 | The showtopic module in Koobi Pro CMS 5.6 allows remote attackers to obtain sensitive information via a ' (single quote) in the p parameter, which displays the path in an error message. NOTE: it is not clear whether this is SQL injection or a forced SQL error. | [email protected] | 5.0 | 1.14% | 2006-07-18 | 2026-04-16 |
| CVE-2006-3621 | SQL injection vulnerability in the showtopic module in Koobi Pro CMS 5.6 allows remote attackers to execute arbitrary SQL commands via the toid parameter. | [email protected] | 7.5 | 1.11% | 2006-07-18 | 2026-04-16 |
| CVE-2006-3620 | Cross-site scripting (XSS) vulnerability in the showtopic module in Koobi Pro CMS 5.6 allows remote attackers to inject arbitrary web script or HTML via the toid parameter. | [email protected] | 2.6 | 1.20% | 2006-07-18 | 2026-04-16 |
| CVE-2005-4588 | Cross-site scripting (XSS) vulnerability in Koobi 5 allows remote attackers to inject arbitrary web script or HTML via nested, malformed url BBCode tags. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | [email protected] | 4.3 | 1.35% | 2005-12-30 | 2026-04-16 |
| CVE-2005-1373 | Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi CMS 4.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) q or (2) p parameters. | [email protected] | 7.5 | 1.47% | 2005-05-03 | 2026-04-16 |
| CVE-2005-0890 | SQL injection vulnerability in Dream4 Koobi CMS 4.2.3 allows remote attackers to execute arbitrary SQL commands via the area parameter. | [email protected] | 7.5 | 1.16% | 2005-05-02 | 2026-04-16 |
| CVE-2005-0889 | Cross-site scripting (XSS) vulnerability in index.php for Dream4 Koobi CMS 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the area parameter. | [email protected] | 4.3 | 1.36% | 2005-03-24 | 2026-04-16 |