Описание
Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the members[] parameter, related to CVE-2014-3810.
Ссылки
- ExploitVendor Advisory
- Exploit
- ExploitVendor Advisory
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 7.1.4 (включая)
Одно из
cpe:2.3:a:boonex:dolphin:*:*:*:*:*:*:*:*
cpe:2.3:a:boonex:dolphin:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:boonex:dolphin:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:boonex:dolphin:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:boonex:dolphin:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:boonex:dolphin:7.0.3:beta:*:*:*:*:*:*
cpe:2.3:a:boonex:dolphin:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:boonex:dolphin:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:boonex:dolphin:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:boonex:dolphin:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:boonex:dolphin:7.0.8:*:*:*:*:*:*:*
cpe:2.3:a:boonex:dolphin:7.0.9:*:*:*:*:*:*:*
cpe:2.3:a:boonex:dolphin:7.1.0:*:*:*:*:*:*:*
cpe:2.3:a:boonex:dolphin:7.1.0:b1:*:*:*:*:*:*
cpe:2.3:a:boonex:dolphin:7.1.0:b2:*:*:*:*:*:*
cpe:2.3:a:boonex:dolphin:7.1.1:*:*:*:*:*:*:*
cpe:2.3:a:boonex:dolphin:7.1.2:*:*:*:*:*:*:*
cpe:2.3:a:boonex:dolphin:7.1.3:*:*:*:*:*:*:*
EPSS
Процентиль: 44%
0.00216
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
github
больше 3 лет назад
Cross-site request forgery (CSRF) vulnerability in administration/profiles.php in Dolphin 7.1.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the members[] parameter, related to CVE-2014-3810.
EPSS
Процентиль: 44%
0.00216
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-352