CVE-2014-4333CVE-2014-4333

Affected configuration(s):

cpe:/a:boonex:dolphin:7.0.0
cpe:/a:boonex:dolphin:7.0.1
cpe:/a:boonex:dolphin:7.0.2
cpe:/a:boonex:dolphin:7.0.3
cpe:/a:boonex:dolphin:7.0.3:beta
cpe:/a:boonex:dolphin:7.0.4
cpe:/a:boonex:dolphin:7.0.5
cpe:/a:boonex:dolphin:7.0.6
cpe:/a:boonex:dolphin:7.0.7
cpe:/a:boonex:dolphin:7.0.8
cpe:/a:boonex:dolphin:7.0.9
cpe:/a:boonex:dolphin:7.1.0
cpe:/a:boonex:dolphin:7.1.0:b1
cpe:/a:boonex:dolphin:7.1.0:b2
cpe:/a:boonex:dolphin:7.1.1
cpe:/a:boonex:dolphin:7.1.2
cpe:/a:boonex:dolphin:7.1.3
cpe:/a:boonex:dolphin:7.1.4

Date published: 2014-06-19T10:55:08.130-04:00

Date last modified: 2014-06-20T13:24:43.047-04:00

CVSS Score: 6.8

Principal attack vector: NETWORK

Complexity:  MEDIUM

Reference URL: http://www.boonex.com/forums/topic/Medium-Risk-Security-Vulnerability-in-Dolphin-7-1.htm

Summary: Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the members[] parameter, related to CVE-2014-3810.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.