CVE-2006-4961 – PHP Blue Dragon CMS 2.9.1 - Cross-Site Scripting / SQL Injection Code Execution
https://notcve.org/view.php?id=CVE-2006-4961
SQL injection vulnerability in the GetModuleConfig function in public_includes/pub_kernel/pbd_modules.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter to index.php.
• https://www.exploit-db.com/exploits/2402
• http://secunia.com/advisories/22031
• http://www.securityfocus.com/bid/20123
• http://www.vupen.com/english/advisories/2006/3736
• https://exchange.xforce.ibmcloud.com/vulnerabilities/29051
CVE-2006-4960 – PHP Blue Dragon CMS 2.9.1 - Cross-Site Scripting / SQL Injection Code Execution
https://notcve.org/view.php?id=CVE-2006-4960
Cross-site scripting (XSS) vulnerability in index.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the m parameter, which is reflected in an error message resulting from a failed SQL query.
• https://www.exploit-db.com/exploits/2402
• http://secunia.com/advisories/22031
• http://www.securityfocus.com/bid/20123
• http://www.vupen.com/english/advisories/2006/3736
• https://exchange.xforce.ibmcloud.com/vulnerabilities/29051
• https://exchange.xforce.ibmcloud.com/vulnerabilities/29066
CVE-2006-4962 – PHP Blue Dragon CMS 2.9.1 - Cross-Site Scripting / SQL Injection Code Execution
https://notcve.org/view.php?id=CVE-2006-4962
Directory traversal vulnerability in pbd_engine.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence in the phpExt parameter, as demonstrated by executing PHP code in a log file.
• https://www.exploit-db.com/exploits/2402
• https://www.exploit-db.com/exploits/4277
• http://secunia.com/advisories/22031
• http://www.securityfocus.com/bid/20123
• http://www.securityfocus.com/bid/25264
• http://www.vupen.com/english/advisories/2006/3736
• https://exchange.xforce.ibmcloud.com/vulnerabilities/29067
CVE-2006-2392 – PHP Blue Dragon CMS 2.9 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-2392
PHP remote file inclusion vulnerability in public_includes/pub_popup/popup_finduser.php in PHP Blue Dragon Platinum 2.8.0 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter.
• https://www.exploit-db.com/exploits/1779
• http://secunia.com/advisories/20115
• http://www.osvdb.org/25533
• http://www.securityfocus.com/bid/17977
• http://www.vupen.com/english/advisories/2006/1789
• https://exchange.xforce.ibmcloud.com/vulnerabilities/26455