Unrated severityNVD Advisory· Published Jun 19, 2014· Updated May 6, 2026
CVE-2014-3810
CVE-2014-3810
Description
SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the members[] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-4333.
Affected products
18cpe:2.3:a:boonex:dolphin:*:*:*:*:*:*:*:*+ 17 more
- cpe:2.3:a:boonex:dolphin:*:*:*:*:*:*:*:*range: <=7.1.4
- cpe:2.3:a:boonex:dolphin:7.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:boonex:dolphin:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:boonex:dolphin:7.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:boonex:dolphin:7.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:boonex:dolphin:7.0.3:beta:*:*:*:*:*:*
- cpe:2.3:a:boonex:dolphin:7.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:boonex:dolphin:7.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:boonex:dolphin:7.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:boonex:dolphin:7.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:boonex:dolphin:7.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:boonex:dolphin:7.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:boonex:dolphin:7.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:boonex:dolphin:7.1.0:b1:*:*:*:*:*:*
- cpe:2.3:a:boonex:dolphin:7.1.0:b2:*:*:*:*:*:*
- cpe:2.3:a:boonex:dolphin:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:boonex:dolphin:7.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:boonex:dolphin:7.1.3:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- packetstormsecurity.com/files/127148/Dolphin-7.1.4-SQL-Injection.htmlnvdExploit
- www.boonex.com/forums/topic/Medium-Risk-Security-Vulnerability-in-Dolphin-7-1.htmnvdExploitVendor Advisory
- www.htbridge.com/advisory/HTB23216nvdExploit
- www.securityfocus.com/archive/1/532468/100/0/threadednvd
- www.securityfocus.com/bid/68091nvd
News mentions
0No linked articles in our index yet.