Social Engine: >> Social Engine >> 2.7 Security Vulnerabilities
Multiple SQL injection vulnerabilities in SocialEngine (SE) before 2.83 allow remote attackers to execute arbitrary SQL commands via (1) an se_user cookie to include/class_user.php or (2) an se_admin cookie to include/class_admin.php.
CVSS Score
7.5
EPSS Score
0.007
Published
2008-07-25
SocialEngine (SE) before 2.83 grants certain write privileges for templates, which allows remote authenticated administrators to execute arbitrary PHP code.
CVSS Score
6.0
EPSS Score
0.008
Published
2008-07-25