Description
SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the members[] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-4333.
Remediation
References
Related Vulnerabilities
WordPress Plugin Import all XML, CSV & TXT into WordPress Multiple Vulnerabilities (6.5.7)
Jboss EAP Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-3518)
WordPress Plugin Order Export & Order Import for WooCommerce Information Disclosure (1.0.8)
MySQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-6662)