PT-2026-34664
SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint where user-supplied input passed via the text parameter is not sanitized before being incorporated into a SQL query. An unauthenticated remote attacker can exploit this...
SocialEngine SQL Injection Vulnerability
SocialEngine is a PHP-based social networking platform that allows the creation of social networks on websites. A SQL injection vulnerability exists in SocialEngine. Due to insufficient filtering of input passed to the "/index.php" script via the "orderby" HTTP GET parameter, an unauthenticated...