4 matches found
EUVD-2014-3748
Malware in sbrugna...
Sql injection
SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the members parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-4333...
CVE-2014-3810
Dolphin (BoonEx)
CVE-2014-4333
BoonEx Dolphin 7.1.4 and earlier contains a CSRF vulnerability in administration/profiles.php that enables remote attackers to hijack administrator sessions for requests that trigger an SQL injection via the members[] parameter. The issue is related to CVE-2014-3810, which confirms an SQL injecti...