Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the members[] parameter, related to CVE-2014-3810.
Max CVSS
6.8
EPSS Score
0.26%
Published
2014-06-19
Updated
2018-10-09
SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the members[] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-4333.
Max CVSS
6.5
EPSS Score
0.30%
Published
2014-06-19
Updated
2018-10-09
SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remote authenticated users to execute arbitrary SQL commands via the 'pathes' parameter in 'categories.php'.
Max CVSS
8.8
EPSS Score
0.11%
Published
2020-02-06
Updated
2020-02-12
3 vulnerabilities found