CVE-2014-4333
Dolphin < 7.1.4 - Cross-Site Request Forgery via members[] Parameter
Title source: llmDescription
Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the members[] parameter, related to CVE-2014-3810.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/532468/100/0/threaded
Exploit x_refsource_misc
https://www.htbridge.com/advisory/HTB23216
Exploit, Vendor Advisory x_refsource_confirm
http://www.boonex.com/forums/topic/Medium-Risk-Security-Vulnerability-in-Dolphin-7-1.htm
Scores
EPSS
0.0094
EPSS Percentile
56.7%
Details
CWE
CWE-352
Status
published
Products (15)
boonex/dolphin
7.0.0
boonex/dolphin
7.0.1
boonex/dolphin
7.0.2
boonex/dolphin
7.0.3 (2 CPE variants)
boonex/dolphin
7.0.4
boonex/dolphin
7.0.5
boonex/dolphin
7.0.6
boonex/dolphin
7.0.7
boonex/dolphin
7.0.8
boonex/dolphin
7.0.9
... and 5 more
Published
Jun 19, 2014
Tracked Since
Feb 18, 2026