Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Dolphin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-3810)

Description

SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the members[] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-4333.

Remediation

References

Related Vulnerabilities

WebLogic Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2018-10237)

Django Improper Input Validation Vulnerability (CVE-2019-3498)

WordPress Plugin Check & Log Email Cross-Site Scripting (0.5.1)

WordPress Plugin LearnDash LMS Insecure Direct Object Reference (4.6.0)

WordPress 4.0.x Possible SQL Injection Vulnerability (4.0 - 4.0.19)

Severity

Medium

Classification

CVE-2014-3810 CWE-138

Tags

Missing Update Known Vulnerabilities