Description
SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the members[] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-4333.
Remediation
References
Related Vulnerabilities
WordPress Plugin Participants Database SQL Injection (1.5.4.8)
WordPress Plugin Affiliate Press Multiple Cross-Site Scripting Vulnerabilities (0.3.8)
WordPress Plugin WP-Polls Cross-Site Scripting (2.60)
WordPress Plugin HT Slider Range for Amazon affiliates Cross-Site Scripting (1.1.5)
Oracle Application Server CVE-2007-3854 Vulnerability (CVE-2007-3854)