RSS   Vulnerabilities for 'Socialengine'   RSS

2020-02-11
 
CVE-2012-6721

CWE-352
 

 
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Forum, (2) Event, and (3) Classifieds plugins in SocialEngine before 4.2.4.

 
 
CVE-2012-6720

CWE-79
 

 
Multiple cross-site scripting (XSS) vulnerabilities in SocialEngine before 4.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to music/create, (2) location parameter to events/create, or (3) search parameter to widget/index/content_id/*.

 
2009-02-03
 
CVE-2009-0400

CWE-89
 

 
SQL injection vulnerability in blog.php in SocialEngine 3.06 trial allows remote attackers to execute arbitrary SQL commands via the category_id parameter.

 
2009-02-11
 
CVE-2008-6121

CWE-20
 

 
CRLF injection vulnerability in SocialEngine (SE) 2.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the PHPSESSID cookie.

 
 
CVE-2008-6120

CWE-89
 

 
SQL injection vulnerability in profile_comments.php in SocialEngine (SE) 2.7 and earlier allows remote attackers to execute arbitrary SQL commands via the comment_secure parameter.

 


Copyright 2024, cxsecurity.com

 

Back to Top