78 matches found
CVE-2008-6120
CVE-2008-6120 is a published SQL injection vulnerability in SocialEngine (SE) 2.7 and earlier. The flaw exists in profile_comments.php via the comment_secure parameter, enabling remote attackers to execute arbitrary SQL commands. The NVD records a CVSSv2 base score of 7.5 (HIGH) with network atta...
SocialEngine Blog Plugin category_id Parameter SQL Injection
The remote host is running SocialEngine, a PHP-based social network platform. The version of the Blog plugin for SocialEngine installed on the remote host fails to sanitize input to the 'category_id' parameter of the 'blog.php' script before using it to construct database queries. Regardless of...
SQL injection
SQL injection vulnerability in blog.php in SocialEngine 3.06 trial allows remote attackers to execute arbitrary SQL commands via the category_id parameter...
CVE-2009-0400
SQL injection vulnerability in blog.php in SocialEngine 3.06 trial allows remote attackers to execute arbitrary SQL commands via the category_id parameter...
CVE-2009-0400
CVE-2009-0400 is an SQL injection in SocialEngine’s Blog Plugin (blog.php) via the category_id parameter. The vulnerability affects SocialEngine 3.06 trial and allows an unauthenticated remote attacker to manipulate database queries, potentially leading to sensitive information disclosure or data...
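SocialEngine category_id SQL Injection Vulnerability
SocialEngine is a PHP-based social network platform that allows social networks to be created on a website. The Blog feature of SocialEngine contains an input validation vulnerability that remote attackers may exploit to access and manipulate the database without authorization. SocialEngine's blog.php script does not properly filter input passed to the category_id parameter before using it in SQL queries, so a remote attacker can carry out SQL injection by submitting a malicious request. SocialEngine systems with the Blog plugin installed are affected by this vulnerability. Webligo Developments SocialEngine 3.x Vendor patch: Webligo Developments ...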
SQL injection
Multiple SQL injection vulnerabilities in SocialEngine SE before 2.83 allow remote attackers to execute arbitrary SQL commands via (1) an se_user cookie to include/class_user.php or (2) an se_admin cookie to include/class_admin.php...
Code injection
SocialEngine SE before 2.83 grants certain write privileges for templates, which allows remote authenticated administrators to execute arbitrary PHP code...
CVE-2008-3298
SocialEngine SE before 2.83 grants certain write privileges for templates, which allows remote authenticated administrators to execute arbitrary PHP code...
CVE-2008-3297
Multiple SQL injection vulnerabilities in SocialEngine SE before 2.83 allow remote attackers to execute arbitrary SQL commands via (1) an se_user cookie to include/class_user.php or (2) an se_admin cookie to include/class_admin.php...
CVE-2008-3298
SocialEngine (SE) prior to 2.83 is affected. The vulnerability arises from write privileges for templates, enabling remote authenticated administrators to execute arbitrary PHP code. There is no remediation detail provided in the supplied documents. Impact is limited to code execution by privileg...
CVE-2008-3297
SocialEngine (SE) is affected by multiple SQL injection vulnerabilities in versions prior to 2.83. The flaws allow remote attackers to inject arbitrary SQL commands via cookies: (1) se_user cookie used with include/class_user.php, or (2) se_admin cookie used with include/class_admin.php. The issu...
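SocialEngine Multiple SQL Injection Vulnerabilities
BUGTRAQ ID: 30342 SocialEngine is a PHP-based social network platform that allows social networks to be created on a website. During client authentication, the include/class_user.php file does not properly validate input to the se_user cookie parameter, and the include/class_admin.php file does not properly validate input to the se_admin parameter, which allows remote attackers to perform SQL injection attacks and log in with administrative privileges without valid administrator credentials. In addition, SocialEngine does not properly validate template data input before storing it in templates, so remote attackers can inject and execute malicious PHP code, leading to full control of the server. Webligo Developments...
SocialEngine SQL Injection Vulnerability
BUGTRAQ ID: 30342 CNCAN ID: CNCAN-2008072301 SocialEngine is a PHP-based web application. SocialEngine does not correctly handle user-submitted input; remote attackers can exploit the vulnerability to perform SQL injection attacks and may obtain sensitive information or manipulate the database. The problem is caused by the scripts' lack of filtering of user-submitted web parameters: by constructing a malicious SQL query as parameter data, the original SQL logic can be altered to obtain sensitive information or manipulate the database. Social Engine Social Engine 2.81 Social Engine Social Engine 2.71 Social Engine Social Engine 2.0...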
Vulnerability: SocialEngine (SocialEngine.net) high risk security flaw
SECURITY ADVISORY CS-2008-2 Vulnerability: Improper validation of external parameters Vendor: SocialEngine http://www.socialengine.net Affected versions: 2.83 Risk: High I. DESCRIPTION Improper validation of browser cookies leads to complete control over client host. II. BACKGROUND During client...