CVE-2008-3167

Name of the Vulnerable Software and Affected Versions: BoonEx Dolphin version 6.1.2

Description: The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This can be achieved via a URL in the dir[plugins] parameter to HTMLSax3.php and safehtml.php in plugins/safehtml/, and the sIncPath parameter to ray/modules/global/inc/content.inc.php.

Recommendations: For BoonEx Dolphin version 6.1.2, consider disabling the register globals setting to prevent exploitation. Additionally, restrict access to the dir[plugins] and sIncPath parameters in the affected files until a patch is available. Avoid using these parameters in the affected API endpoints until the issue is resolved.