Dolphin <= 7.0.7 PHP Code Injection Vulnerability

Description:

Dolphin contains a flaw that allows a remote attacker to inject and execute arbitrary PHP code. The issue arises because user-supplied input passed through the ‘bubbles’ parameter to the member_menu_queries.php script is not properly sanitized before being used in a call to the PHP eval() function.
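
Added example, not part of the original advisory or the Dolphin code base: a log triage script that flags requests to member_menu_queries.php whose ‘bubbles’ value contains characters outside an allowlist. The allowlist, the combined access-log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

TARGET_SCRIPT = "/member_menu_queries.php"
# Assumption (not stated in the advisory): a legitimate value needs only
# letters, digits and a few separators. Tune this to your own traffic.
ALLOWED_VALUE = re.compile(r"[A-Za-z0-9_,:-]*")
# Client, timestamp and request target of a combined-format access log line.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[A-Z]+ (?P<target>\S+) [^"]*"')

# Constructed sample lines (documentation IP ranges, made-up values).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Oct/2011:10:00:01 +0000] "GET /member_menu_queries.php?bubbles=Friends:0,Mails:2 HTTP/1.1" 200 58',
    '203.0.113.7 - - [18/Oct/2011:10:02:13 +0000] "GET /member_menu_queries.php?bubbles=constructed%28%29%3B HTTP/1.1" 200 0',
    '192.0.2.44 - - [18/Oct/2011:10:03:40 +0000] "GET /index.php?bubbles=%28%29 HTTP/1.1" 200 512',
    '198.51.100.23 - - [18/Oct/2011:10:05:02 +0000] "GET /community/member_menu_queries.php?bubbles=x%2528 HTTP/1.1" 200 0',
]


def flag_bubbles_requests(lines):
    """Return (ip, timestamp, decoded value) for each out-of-allowlist value."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        try:
            url = urlsplit(m.group("target"))
        except ValueError:  # malformed request target
            continue
        # Decode the path so an encoded script name is still recognised.
        if TARGET_SCRIPT not in unquote(url.path).lower():
            continue
        for key, values in parse_qs(url.query, keep_blank_values=True).items():
            # PHP also accepts array syntax such as bubbles[]=...
            if key.split("[")[0] != "bubbles":
                continue
            for value in values:
                # parse_qs decodes once; a double-encoded value still holds
                # a '%' afterwards and fails the allowlist as well.
                if not ALLOWED_VALUE.fullmatch(value):
                    hits.append((m.group("ip"), m.group("ts"), value))
    return hits


if __name__ == "__main__":
    for hit in flag_bubbles_requests(SAMPLE_LOG):
        print(*hit, sep="\t")
```

Access logs normally record only the query string, so a value sent in a POST body has to be looked for in WAF or application logs instead.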

References:

Disclosure Date:

October 18, 2011