CVE-2014-4333

EUVD-2014-4260
Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the members[] parameter, related to CVE-2014-3810.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
Affected Products (NVD)
VendorProductVersion
boonexdolphin
𝑥
≤ 7.1.4
boonexdolphin
7.0.0
boonexdolphin
7.0.1
boonexdolphin
7.0.2
boonexdolphin
7.0.3
boonexdolphin
7.0.3:beta
boonexdolphin
7.0.4
boonexdolphin
7.0.5
boonexdolphin
7.0.6
boonexdolphin
7.0.7
boonexdolphin
7.0.8
boonexdolphin
7.0.9
boonexdolphin
7.1.0
boonexdolphin
7.1.0:b1
boonexdolphin
7.1.0:b2
boonexdolphin
7.1.1
boonexdolphin
7.1.2
boonexdolphin
7.1.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.boonex.com/forums/topic/Medium-Risk-Security-Vulnerability-in-Dolphin-7-1.htm
http://www.securityfocus.com/archive/1/532468/100/0/threaded
https://www.htbridge.com/advisory/HTB23216
http://www.boonex.com/forums/topic/Medium-Risk-Security-Vulnerability-in-Dolphin-7-1.htm
http://www.securityfocus.com/archive/1/532468/100/0/threaded
https://www.htbridge.com/advisory/HTB23216