CVE-2014-4333

Dolphin < 7.1.4 - Cross-Site Request Forgery via members[] Parameter

Title source: llm
STIX 2.1

Description

Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the members[] parameter, related to CVE-2014-3810.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/532468/100/0/threaded

Scores

EPSS 0.0094
EPSS Percentile 56.7%

Details

CWE
CWE-352
Status published
Products (15)
boonex/dolphin 7.0.0
boonex/dolphin 7.0.1
boonex/dolphin 7.0.2
boonex/dolphin 7.0.3 (2 CPE variants)
boonex/dolphin 7.0.4
boonex/dolphin 7.0.5
boonex/dolphin 7.0.6
boonex/dolphin 7.0.7
boonex/dolphin 7.0.8
boonex/dolphin 7.0.9
... and 5 more
Published Jun 19, 2014
Tracked Since Feb 18, 2026