Boonex: >> Dolphin >> 7.1.3 Security Vulnerabilities
Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the members[] parameter, related to CVE-2014-3810.
CVSS Score
6.8
EPSS Score
0.002
Published
2014-06-19
SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the members[] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-4333.
CVSS Score
6.5
EPSS Score
0.004
Published
2014-06-19