Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the members[] parameter, related to CVE-2014-3810.
Max CVSS
6.8
EPSS Score
0.26%
Published
2014-06-19
Updated
2018-10-09
SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the members[] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-4333.
Max CVSS
6.5
EPSS Score
0.30%
Published
2014-06-19
Updated
2018-10-09
SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remote authenticated users to execute arbitrary SQL commands via the 'pathes' parameter in 'categories.php'.
Max CVSS
8.8
EPSS Score
0.11%
Published
2020-02-06
Updated
2020-02-12
Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or the (2) photos_only, (3) online_only, or (4) mode parameters to viewFriends.php.
Max CVSS
4.3
EPSS Score
1.65%
Published
2012-02-23
Updated
2012-02-24
4 vulnerabilities found