Lucene search
HistoryJun 19, 2014 - 2:55 p.m.
CVE-2014-3810
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
7.8
Confidence
Low
EPSS
0.003
Percentile
70.4%
SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the members[] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-4333.
Affected configurations
Node
boonexdolphinRange≤7.1.4
ORboonexdolphinMatch7.0.0
ORboonexdolphinMatch7.0.1
ORboonexdolphinMatch7.0.2
ORboonexdolphinMatch7.0.3
ORboonexdolphinMatch7.0.3beta
ORboonexdolphinMatch7.0.4
ORboonexdolphinMatch7.0.5
ORboonexdolphinMatch7.0.6
ORboonexdolphinMatch7.0.7
ORboonexdolphinMatch7.0.8
ORboonexdolphinMatch7.0.9
ORboonexdolphinMatch7.1.0
ORboonexdolphinMatch7.1.0b1
ORboonexdolphinMatch7.1.0b2
ORboonexdolphinMatch7.1.1
ORboonexdolphinMatch7.1.2
ORboonexdolphinMatch7.1.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| boonex | dolphin | * | cpe:2.3:a:boonex:dolphin:*:*:*:*:*:*:*:* |
| boonex | dolphin | 7.0.0 | cpe:2.3:a:boonex:dolphin:7.0.0:*:*:*:*:*:*:* |
| boonex | dolphin | 7.0.1 | cpe:2.3:a:boonex:dolphin:7.0.1:*:*:*:*:*:*:* |
| boonex | dolphin | 7.0.2 | cpe:2.3:a:boonex:dolphin:7.0.2:*:*:*:*:*:*:* |
| boonex | dolphin | 7.0.3 | cpe:2.3:a:boonex:dolphin:7.0.3:*:*:*:*:*:*:* |
| boonex | dolphin | 7.0.3 | cpe:2.3:a:boonex:dolphin:7.0.3:beta:*:*:*:*:*:* |
| boonex | dolphin | 7.0.4 | cpe:2.3:a:boonex:dolphin:7.0.4:*:*:*:*:*:*:* |
| boonex | dolphin | 7.0.5 | cpe:2.3:a:boonex:dolphin:7.0.5:*:*:*:*:*:*:* |
| boonex | dolphin | 7.0.6 | cpe:2.3:a:boonex:dolphin:7.0.6:*:*:*:*:*:*:* |
| boonex | dolphin | 7.0.7 | cpe:2.3:a:boonex:dolphin:7.0.7:*:*:*:*:*:*:* |
Related
cve
cve
CVE-2014-4333
2014-06-19 14:55:08
CVE-2014-3810
2014-06-19 14:55:07
prion
prion
Sql injection
2014-06-19 14:55:00
Cross site request forgery (csrf)
2014-06-19 14:55:00
cvelist
cvelist
CVE-2014-4333
2014-06-19 14:00:00
CVE-2014-3810
2014-06-19 14:00:00
nvd
nvd
CVE-2014-4333
2014-06-19 14:55:08
packetstorm
packetstorm
Dolphin 7.1.4 SQL Injection
2014-06-18 00:00:00
securityvulns
securityvulns
SQL Injection in Dolphin
2014-10-15 00:00:00
htbridge
htbridge
SQL Injection in Dolphin | HTB23216
2014-05-21 00:00:00
zdt
zdt
Dolphin 7.1.4 SQL Injection Vulnerability
2014-06-19 00:00:00
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
7.8
Confidence
Low
EPSS
0.003
Percentile
70.4%
Related for NVD:CVE-2014-3810