Vulnerability Description
Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the members[] parameter, related to CVE-2014-3810.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Boonex | Dolphin | <= 7.1.4 |
Related Weaknesses (CWE)
References
- http://www.boonex.com/forums/topic/Medium-Risk-Security-Vulnerability-in-DolphinExploitVendor Advisory
- http://www.securityfocus.com/archive/1/532468/100/0/threaded
- https://www.htbridge.com/advisory/HTB23216Exploit
- http://www.boonex.com/forums/topic/Medium-Risk-Security-Vulnerability-in-DolphinExploitVendor Advisory
- http://www.securityfocus.com/archive/1/532468/100/0/threaded
- https://www.htbridge.com/advisory/HTB23216Exploit
FAQ
What is CVE-2014-4333?
CVE-2014-4333 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that con...
How severe is CVE-2014-4333?
CVE-2014-4333 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-4333?
Check the references section above for vendor advisories and patch information. Affected products include: Boonex Dolphin.