Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3298

Overview

Vulnerability Score 6.0 6.0
CVE Id CVE-2008-3298
Last Modified 29 Jan 2009 01:52:55
Published 25 Jul 2008 09:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2008-3298

Summary

SocialEngine (SE) before 2.83 grants certain write privileges for templates, which allows remote authenticated administrators to execute arbitrary PHP code.

Vulnerable Systems

Application

  • Social Engine 1.0

  • Social Engine 1.1

  • Social Engine 1.4

  • Social Engine 1.6

  • Social Engine 1.7

  • Social Engine 1.8

  • Social Engine 2.0

  • Social Engine 2.1

  • Social Engine 2.4

  • Social Engine 2.5

  • Social Engine 2.7

  • Social Engine 2.81


References

CONFIRM - http://www.socialengine.net/news.php

XF - socialengine-template-code-execution(43959)

BUGTRAQ - 20080722 Vulnerability: SocialEngine (SocialEngine.net) high risk security flaw

SREASON - 4035

SECUNIA - 31203


Last Updated: 27 May 2016 10:48:09