Boonex Dolphin 'profiles.php' SQL Injection Vulnerability
Release date:
Updated on:
Affected Systems:
Boonex Dolphin <= 7.1.4
Description:
--------------------------------------------------------------------------------
Bugtraq id: 68091
CVE (CAN) ID: CVE-2014-3810
Boonex Dolphin is a software platform for building social networks and online communities.
Boonex Dolphin 7.1.4 and other versions do not properly filter the value of the "members" HTTP POST parameter passed to the "/administration/profiles.php" script. Authenticated remote administrators can send specially crafted HTTP POST requests to the affected script and execute arbitrary SQL commands in the application database.
<* Source: High-Tech Bridge Security Research Lab
Link: http://seclists.org/bugtraq/2014/Jun/130
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Boonex
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.boonex.com/forums/topic/Medium-Risk-Security-Vulnerability-in-Dolphin-7-1.htm
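For sites that carry their own administration handlers, the class of flaw described above (an unfiltered "members" POST value reaching a SQL statement) is closed by validating each element and binding it as a parameter. The following is an added example, not Dolphin's code and not the vendor patch; it assumes "members" is a list of numeric profile IDs, and the table name, column names and function names are hypothetical.

```php
<?php
// Added example: hypothetical handler, not Dolphin's code or the vendor patch.
// Assumption: "members" arrives as an array of numeric profile IDs.

/** Return validated integer IDs; throw if any element is not digits only. */
function parse_member_ids($raw): array
{
    if (!is_array($raw) || count($raw) === 0 || count($raw) > 500) {
        throw new InvalidArgumentException('members must be a non-empty list');
    }
    $ids = [];
    foreach ($raw as $value) {
        // ctype_digit rejects signs, spaces, quotes and nested arrays.
        if (!is_string($value) || !ctype_digit($value) || strlen($value) > 10) {
            throw new InvalidArgumentException('member id must be digits only');
        }
        $ids[] = (int) $value;
    }
    return array_values(array_unique($ids));
}

/** Update the selected rows using one bound placeholder per ID. */
function set_member_status(PDO $db, array $ids, string $status): int
{
    // Only "?" characters are interpolated; the values themselves are bound.
    $placeholders = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare("UPDATE Profiles SET Status = ? WHERE ID IN ($placeholders)");
    $stmt->execute(array_merge([$status], $ids));
    return $stmt->rowCount();
}

// Constructed demo data in an in-memory SQLite database (hypothetical schema).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE Profiles (ID INTEGER PRIMARY KEY, Status TEXT)");
$db->exec("INSERT INTO Profiles VALUES (1,'Active'),(2,'Active'),(3,'Active')");

// Constructed stand-ins for $_POST['members']: one well-formed, one malformed.
$requests = [['1', '3'], ['1', "2' OR '1'='1"]];
foreach ($requests as $members) {
    try {
        $n = set_member_status($db, parse_member_ids($members), 'Suspended');
        echo "updated $n row(s)\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: {$e->getMessage()}\n";
    }
}
```

The whole request is rejected when any element fails validation, so a malformed value never reaches the database even alongside valid IDs.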