CVE-2014-4333
Published 2014-06-19
CVE-2014-4333: Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the…
Priority P427 · medium · 6.8 (CVSS 2.0)
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 0.94% (56.4th percentile)
Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the members[] parameter, related to CVE-2014-3810.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| boonex | dolphin | <= 7.1.4 | — |
| boonex | dolphin | — | — |
| boonex | dolphin | — | — |
| boonex | dolphin | — | — |
| boonex | dolphin | — | — |
| boonex | dolphin | — | — |
| boonex | dolphin | — | — |
| boonex | dolphin | — | — |
| boonex | dolphin | — | — |
| boonex | dolphin | — | — |
| boonex | dolphin | — | — |
| boonex | dolphin | — | — |
| boonex | dolphin | — | — |
| boonex | dolphin | — | — |
| boonex | dolphin | — | — |
GHSA
GHSA-4jqx-c8xq-4m8x: Cross-site request forgery (CSRF) vulnerability in administration/profiles
ghsa_unreviewed·2022-05-14·CVSS 6.5
CVE-2014-4333 [MEDIUM] CWE-352 GHSA-4jqx-c8xq-4m8x: Cross-site request forgery (CSRF) vulnerability in administration/profiles
Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the members[] parameter, related to CVE-2014-3810.
GHSA
GHSA-8f4w-786j-j288: SQL injection vulnerability in administration/profiles
ghsa_unreviewed·2022-05-14·CVSS 6.8
CVE-2014-3810 [MEDIUM] CWE-89 GHSA-8f4w-786j-j288: SQL injection vulnerability in administration/profiles
SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the members[] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-4333.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.boonex.com/forums/topic/Medium-Risk-Security-Vulnerability-in-Dolphin-7-1.htm
http://www.securityfocus.com/archive/1/532468/100/0/threaded
https://www.htbridge.com/advisory/HTB23216
Published: 2014-06-19