Known Vulnerabilities for products from Boonex

Listed below are 14 of the newest known vulnerabilities associated with the vendor "Boonex".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2021-27969 json Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "width" parameter. 4.8 - MEDIUM 2021-03-23 2021-04-02
CVE-2014-4333 json Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote att... Not Provided 2014-06-19 2026-05-06
CVE-2014-3810 json SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated ad... Not Provided 2014-06-19 2026-05-06
CVE-2013-3638 json SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remote authenticated users to execute arbitrary SQL command... 8.8 - HIGH 2020-02-06 2020-02-12
CVE-2012-0873 json Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary... Not Provided 2012-02-23 2026-04-29
CVE-2011-3728 json Dolphin 7.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the ... Not Provided 2011-09-23 2026-04-29
CVE-2009-2919 json Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 allows remote authenticated users to inject arbitrary w... Not Provided 2009-08-21 2026-04-23
CVE-2008-5167 json PHP remote file inclusion vulnerability in layout/default/params.php in Boonex Orca 2.0 and 2.0.2, when register_globals is e... Not Provided 2008-11-19 2026-04-23
CVE-2008-3167 json Multiple PHP remote file inclusion vulnerabilities in BoonEx Dolphin 6.1.2, when register_globals is enabled, allow remote at... Not Provided 2008-07-14 2026-04-23
CVE-2008-3166 json PHP remote file inclusion vulnerability in modules/global/inc/content.inc.php in BoonEx Ray 3.5, when register_globals is ena... Not Provided 2008-07-14 2026-04-23
CVE-2006-5410 json PHP remote file inclusion vulnerability in templates/tmpl_dfl/scripts/index.php in BoonEx Dolphin 5.2 allows remote attackers... Not Provided 2006-10-20 2026-04-23
CVE-2006-4189 json Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute arbitrary PHP code via a ... 5.1 - MEDIUM 2006-08-17 2017-07-20
CVE-2006-2133 json SQL injection vulnerability in index.php in BoonEx Barracuda 1.1 and earlier allows remote attackers to execute arbitrary SQL... Not Provided 2006-05-01 2025-04-03
CVE-2006-0833 json Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Directory 1.1 allow remote attackers to inject arbitrary web... Not Provided 2006-02-22 2025-04-03

Known software with vulnerabilities from Boonex

Type Vendor Product Version
ApplicationBoonexDolphin7.0.0
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report