Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2008-3297
Last Modified 29 Jan 2009 01:52:55
Published 25 Jul 2008 09:41:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3297

Summary

Multiple SQL injection vulnerabilities in SocialEngine (SE) before 2.83 allow remote attackers to execute arbitrary SQL commands via (1) an se_user cookie to include/class_user.php or (2) an se_admin cookie to include/class_admin.php.

Vulnerable Systems

Application

  • Social Engine 1.0

  • Social Engine 1.1

  • Social Engine 1.4

  • Social Engine 1.6

  • Social Engine 1.7

  • Social Engine 1.8

  • Social Engine 2.0

  • Social Engine 2.1

  • Social Engine 2.4

  • Social Engine 2.5

  • Social Engine 2.7

  • Social Engine 2.81


References

CONFIRM - http://www.socialengine.net/news.php

XF - socialengine-cookie-sql-injection(43958)

BID - 30342

BUGTRAQ - 20080722 Vulnerability: SocialEngine (SocialEngine.net) high risk security flaw

SREASON - 4035

SECUNIA - 31203


Last Updated: 27 May 2016 10:48:08