Lucene search

MitreCVE-2008-3298

HistoryJul 25, 2008 - 1:41 p.m.

CVE-2008-3298

2008-07-2513:41:00

CWE-94

mitre

web.nvd.nist.gov

cve-2008-3298

socialengine

template

write privilege

remote code execution

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

7.2

Confidence

High

EPSS

0.004

Percentile

73.3%

JSON

SocialEngine (SE) before 2.83 grants certain write privileges for templates, which allows remote authenticated administrators to execute arbitrary PHP code.

Affected configurations

Nvd

Node

social_enginesocial_engineRange≤2.81

social_enginesocial_engineMatch1.0

social_enginesocial_engineMatch1.1

social_enginesocial_engineMatch1.4

social_enginesocial_engineMatch1.6

social_enginesocial_engineMatch1.7

social_enginesocial_engineMatch1.8

social_enginesocial_engineMatch2.0

social_enginesocial_engineMatch2.0online_beta

social_enginesocial_engineMatch2.1

social_enginesocial_engineMatch2.4se

social_enginesocial_engineMatch2.5

social_enginesocial_engineMatch2.7

VendorProductVersionCPE
social_enginesocial_engine*cpe:2.3:a:social_engine:social_engine:*:*:*:*:*:*:*:*
social_enginesocial_engine1.0cpe:2.3:a:social_engine:social_engine:1.0:*:*:*:*:*:*:*
social_enginesocial_engine1.1cpe:2.3:a:social_engine:social_engine:1.1:*:*:*:*:*:*:*
social_enginesocial_engine1.4cpe:2.3:a:social_engine:social_engine:1.4:*:*:*:*:*:*:*
social_enginesocial_engine1.6cpe:2.3:a:social_engine:social_engine:1.6:*:*:*:*:*:*:*
social_enginesocial_engine1.7cpe:2.3:a:social_engine:social_engine:1.7:*:*:*:*:*:*:*
social_enginesocial_engine1.8cpe:2.3:a:social_engine:social_engine:1.8:*:*:*:*:*:*:*
social_enginesocial_engine2.0cpe:2.3:a:social_engine:social_engine:2.0:*:*:*:*:*:*:*
social_enginesocial_engine2.0cpe:2.3:a:social_engine:social_engine:2.0:online_beta:*:*:*:*:*:*
social_enginesocial_engine2.1cpe:2.3:a:social_engine:social_engine:2.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
social_engine	social_engine	*	cpe:2.3:a:social_engine:social_engine::::::::
social_engine	social_engine	1.0	cpe:2.3:a:social_engine:social_engine:1.0:::::::*
social_engine	social_engine	1.1	cpe:2.3:a:social_engine:social_engine:1.1:::::::*
social_engine	social_engine	1.4	cpe:2.3:a:social_engine:social_engine:1.4:::::::*
social_engine	social_engine	1.6	cpe:2.3:a:social_engine:social_engine:1.6:::::::*
social_engine	social_engine	1.7	cpe:2.3:a:social_engine:social_engine:1.7:::::::*
social_engine	social_engine	1.8	cpe:2.3:a:social_engine:social_engine:1.8:::::::*
social_engine	social_engine	2.0	cpe:2.3:a:social_engine:social_engine:2.0:::::::*
social_engine	social_engine	2.0	cpe:2.3:a:social_engine:social_engine:2.0:online_beta::::::
social_engine	social_engine	2.1	cpe:2.3:a:social_engine:social_engine:2.1:::::::*

Rows per page:

1-10 of 131

References

secunia.com/advisories/31203

securityreason.com/securityalert/4035

www.securityfocus.com/archive/1/494638/100/0/threaded

www.socialengine.net/news.php

exchange.xforce.ibmcloud.com/vulnerabilities/43959

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

7.2

Confidence

High

EPSS

0.004

Percentile

73.3%

JSON

Related for CVE-2008-3298