Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0400 | 1 Socialengine | 1 Socialengine | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in blog.php in SocialEngine 3.06 trial allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | |||||
| CVE-2008-6120 | 1 Socialengine | 1 Socialengine | 2017-08-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in profile_comments.php in SocialEngine (SE) 2.7 and earlier allows remote attackers to execute arbitrary SQL commands via the comment_secure parameter. | |||||
| CVE-2008-6121 | 1 Socialengine | 1 Socialengine | 2017-08-08 | 7.5 HIGH | N/A |
| CRLF injection vulnerability in SocialEngine (SE) 2.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the PHPSESSID cookie. | |||||
| CVE-2013-4898 | 2 Socialengine, Webhive | 2 Socialengine, Timeline | 2014-02-21 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in the user profile page feature in the Timeline Plugin 4.2.5p9 for SocialEngine allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in public/temporary/timeline/. | |||||