CVE-2014-4333

Name of the Vulnerable Software and Affected Versions Dolphin versions 7.1.4 and earlier

Description A cross-site request forgery (CSRF) issue allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the members[] parameter.

Recommendations For Dolphin versions 7.1.4 and earlier, update to a version later than 7.1.4 to resolve the issue. As a temporary workaround, consider restricting access to the administration/profiles.php page to minimize the risk of exploitation. Avoid using the members[] parameter in the affected page until the issue is resolved.