Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2392 | 1 Blue Dragon | 1 Php Blue Dragon | 2017-10-18 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in public_includes/pub_popup/popup_finduser.php in PHP Blue Dragon Platinum 2.8.0 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter. | |||||
| CVE-2006-4960 | 1 Blue Dragon | 1 Php Blue Dragon | 2017-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php Php Blue Dragon 2.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the m parameter, which is reflected in an error message resulting from a failed SQL query. | |||||
| CVE-2006-4961 | 1 Blue Dragon | 1 Php Blue Dragon | 2017-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the GetModuleConfig function in public_includes/pub_kernel/pbd_modules.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter to index.php. | |||||
| CVE-2006-4962 | 1 Blue Dragon | 1 Php Blue Dragon | 2017-10-18 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in pbd_engine.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence via the phpExt parameter, as demonstrated by executing PHP code in a log file. | |||||