Dolphin <= 7.0.7 PHP Code Injection Vulnerability


Dolphin contains a flaw which allows a remote attacker to inject and execute arbitrary PHP code. The issue is due to user-supplied input passed through the ‘bubbles’ parameter to the member_menu_queries.php script isn’t properly sanitized before being used in a call to the eval() PHP function.


Disclosure Date:

October 18, 2011