Filtered by vendor Socialengine
Subscribe
Total
6 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-6721 | 1 Socialengine | 1 Socialengine | 2024-02-04 | 6.8 MEDIUM | 6.3 MEDIUM |
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Forum, (2) Event, and (3) Classifieds plugins in SocialEngine before 4.2.4. | |||||
CVE-2012-6720 | 1 Socialengine | 1 Socialengine | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in SocialEngine before 4.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to music/create, (2) location parameter to events/create, or (3) search parameter to widget/index/content_id/*. | |||||
CVE-2013-4898 | 2 Socialengine, Webhive | 2 Socialengine, Timeline | 2024-02-04 | 6.5 MEDIUM | N/A |
Unrestricted file upload vulnerability in the user profile page feature in the Timeline Plugin 4.2.5p9 for SocialEngine allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in public/temporary/timeline/. | |||||
CVE-2008-6120 | 1 Socialengine | 1 Socialengine | 2024-02-04 | 7.5 HIGH | N/A |
SQL injection vulnerability in profile_comments.php in SocialEngine (SE) 2.7 and earlier allows remote attackers to execute arbitrary SQL commands via the comment_secure parameter. | |||||
CVE-2009-0400 | 1 Socialengine | 1 Socialengine | 2024-02-04 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in blog.php in SocialEngine 3.06 trial allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | |||||
CVE-2008-6121 | 1 Socialengine | 1 Socialengine | 2024-02-04 | 7.5 HIGH | N/A |
CRLF injection vulnerability in SocialEngine (SE) 2.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the PHPSESSID cookie. |