6.8

CVE-2014-4333

Exploit
Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the members[] parameter, related to CVE-2014-3810.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
BoonexDolphin Version <= 7.1.4
BoonexDolphin Version7.0.0
BoonexDolphin Version7.0.1
BoonexDolphin Version7.0.2
BoonexDolphin Version7.0.3
BoonexDolphin Version7.0.3 Updatebeta
BoonexDolphin Version7.0.4
BoonexDolphin Version7.0.5
BoonexDolphin Version7.0.6
BoonexDolphin Version7.0.7
BoonexDolphin Version7.0.8
BoonexDolphin Version7.0.9
BoonexDolphin Version7.1.0
BoonexDolphin Version7.1.0 Updateb1
BoonexDolphin Version7.1.0 Updateb2
BoonexDolphin Version7.1.1
BoonexDolphin Version7.1.2
BoonexDolphin Version7.1.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.94% 0.562
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://www.boonex.com/forums/topic/Medium-Risk-Security-Vulnerability-in-Dolphin-7-1.htm
Vendor Advisory
Exploit
http://www.securityfocus.com/archive/1/532468/100/0/threaded
https://www.htbridge.com/advisory/HTB23216
Exploit