Social Engine » Social Engine » 2.4 se : Security Vulnerabilities, CVEs,
SocialEngine (SE) before 2.83 grants certain write privileges for templates, which allows remote authenticated administrators to execute arbitrary PHP code.
Max CVSS
6.0
EPSS Score
0.35%
Published
2008-07-25
Updated
2018-10-11
Multiple SQL injection vulnerabilities in SocialEngine (SE) before 2.83 allow remote attackers to execute arbitrary SQL commands via (1) an se_user cookie to include/class_user.php or (2) an se_admin cookie to include/class_admin.php.
Max CVSS
7.5
EPSS Score
0.55%
Published
2008-07-25
Updated
2018-10-11
2 vulnerabilities found