CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
73.3%
SocialEngine (SE) before 2.83 grants certain write privileges for templates, which allows remote authenticated administrators to execute arbitrary PHP code.
Vendor | Product | Version | CPE |
---|---|---|---|
social_engine | social_engine | * | cpe:2.3:a:social_engine:social_engine:*:*:*:*:*:*:*:* |
social_engine | social_engine | 1.0 | cpe:2.3:a:social_engine:social_engine:1.0:*:*:*:*:*:*:* |
social_engine | social_engine | 1.1 | cpe:2.3:a:social_engine:social_engine:1.1:*:*:*:*:*:*:* |
social_engine | social_engine | 1.4 | cpe:2.3:a:social_engine:social_engine:1.4:*:*:*:*:*:*:* |
social_engine | social_engine | 1.6 | cpe:2.3:a:social_engine:social_engine:1.6:*:*:*:*:*:*:* |
social_engine | social_engine | 1.7 | cpe:2.3:a:social_engine:social_engine:1.7:*:*:*:*:*:*:* |
social_engine | social_engine | 1.8 | cpe:2.3:a:social_engine:social_engine:1.8:*:*:*:*:*:*:* |
social_engine | social_engine | 2.0 | cpe:2.3:a:social_engine:social_engine:2.0:*:*:*:*:*:*:* |
social_engine | social_engine | 2.0 | cpe:2.3:a:social_engine:social_engine:2.0:online_beta:*:*:*:*:*:* |
social_engine | social_engine | 2.1 | cpe:2.3:a:social_engine:social_engine:2.1:*:*:*:*:*:*:* |