Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
3 vulnerabilities by dolphinphp_project
CVE-2023-0935 (GCVE-0-2023-0935)
Vulnerability from cvelistv5 – Published: 2023-02-21 09:19 – Updated: 2025-03-12 13:34
VLAI?
Title
DolphinPHP Incomplete Fix CVE-2021-46097 common.php os command injection
Summary
A vulnerability was found in DolphinPHP up to 1.5.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file common.php of the component Incomplete Fix CVE-2021-46097. The manipulation of the argument id leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221551.
Severity ?
6.3 (Medium)
6.3 (Medium)
CWE
- CWE-78 - OS Command Injection
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | DolphinPHP |
Affected:
1.5.0
Affected: 1.5.1 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:32:44.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.221551"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.221551"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/ssteveez/dolphin/blob/main/README.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-0935",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T13:34:04.526207Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T13:34:29.443Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Incomplete Fix CVE-2021-46097"
],
"product": "DolphinPHP",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.5.0"
},
{
"status": "affected",
"version": "1.5.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "bydsteve (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in DolphinPHP up to 1.5.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file common.php of the component Incomplete Fix CVE-2021-46097. The manipulation of the argument id leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221551."
},
{
"lang": "de",
"value": "In DolphinPHP bis 1.5.1 wurde eine kritische Schwachstelle ausgemacht. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei common.php der Komponente Incomplete Fix CVE-2021-46097. Dank der Manipulation des Arguments id mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T21:32:16.211Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.221551"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.221551"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/ssteveez/dolphin/blob/main/README.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-02-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-02-21T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-02-21T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-03-23T15:37:43.000Z",
"value": "VulDB entry last update"
}
],
"title": "DolphinPHP Incomplete Fix CVE-2021-46097 common.php os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-0935",
"datePublished": "2023-02-21T09:19:03.687Z",
"dateReserved": "2023-02-21T09:15:49.395Z",
"dateUpdated": "2025-03-12T13:34:29.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37254 (GCVE-0-2022-37254)
Vulnerability from cvelistv5 – Published: 2022-08-19 16:45 – Updated: 2024-08-03 10:29
VLAI?
Summary
DolphinPHP 1.5.1 is vulnerable to Cross Site Scripting (XSS) via Background - > System - > system function - > configuration management.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:20.566Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/caiweiming/DolphinPHP/issues/42"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DolphinPHP 1.5.1 is vulnerable to Cross Site Scripting (XSS) via Background - \u003e System - \u003e system function - \u003e configuration management."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-19T16:45:49.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/caiweiming/DolphinPHP/issues/42"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DolphinPHP 1.5.1 is vulnerable to Cross Site Scripting (XSS) via Background - \u003e System - \u003e system function - \u003e configuration management."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/caiweiming/DolphinPHP/issues/42",
"refsource": "MISC",
"url": "https://github.com/caiweiming/DolphinPHP/issues/42"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37254",
"datePublished": "2022-08-19T16:45:49.000Z",
"dateReserved": "2022-08-01T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:29:20.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1086 (GCVE-0-2022-1086)
Vulnerability from cvelistv5 – Published: 2022-03-29 05:50 – Updated: 2025-04-15 14:42
VLAI?
Title
DolphinPHP User Management Page cross site scripting
Summary
A vulnerability was found in DolphinPHP up to 1.5.0 and classified as problematic. Affected by this issue is the User Management Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity ?
CWE
- CWE-79 - Cross Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| unspecified | DolphinPHP |
Affected:
1.0
Affected: 1.1 Affected: 1.2 Affected: 1.3 Affected: 1.4 Affected: 1.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:47:43.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xiahao90/CVEproject/blob/main/DolphinPHPV1.5.0_xss.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.195368"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1086",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:14:12.968224Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:42:50.076Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DolphinPHP",
"vendor": "unspecified",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "1.2"
},
{
"status": "affected",
"version": "1.3"
},
{
"status": "affected",
"version": "1.4"
},
{
"status": "affected",
"version": "1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in DolphinPHP up to 1.5.0 and classified as problematic. Affected by this issue is the User Management Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-29T05:50:53.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xiahao90/CVEproject/blob/main/DolphinPHPV1.5.0_xss.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.195368"
}
],
"title": "DolphinPHP User Management Page cross site scripting",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2022-1086",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "DolphinPHP User Management Page cross site scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DolphinPHP",
"version": {
"version_data": [
{
"version_value": "1.0"
},
{
"version_value": "1.1"
},
{
"version_value": "1.2"
},
{
"version_value": "1.3"
},
{
"version_value": "1.4"
},
{
"version_value": "1.5"
}
]
}
}
]
},
"vendor_name": ""
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in DolphinPHP up to 1.5.0 and classified as problematic. Affected by this issue is the User Management Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "3.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/xiahao90/CVEproject/blob/main/DolphinPHPV1.5.0_xss.md",
"refsource": "MISC",
"url": "https://github.com/xiahao90/CVEproject/blob/main/DolphinPHPV1.5.0_xss.md"
},
{
"name": "https://vuldb.com/?id.195368",
"refsource": "MISC",
"url": "https://vuldb.com/?id.195368"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2022-1086",
"datePublished": "2022-03-29T05:50:53.000Z",
"dateReserved": "2022-03-25T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:42:50.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}