Vulnerabilities (CVE)

Filtered by vendor Socialengine Subscribe
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-6721 1 Socialengine 1 Socialengine 2024-02-04 6.8 MEDIUM 6.3 MEDIUM
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Forum, (2) Event, and (3) Classifieds plugins in SocialEngine before 4.2.4.
CVE-2012-6720 1 Socialengine 1 Socialengine 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in SocialEngine before 4.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to music/create, (2) location parameter to events/create, or (3) search parameter to widget/index/content_id/*.
CVE-2013-4898 2 Socialengine, Webhive 2 Socialengine, Timeline 2024-02-04 6.5 MEDIUM N/A
Unrestricted file upload vulnerability in the user profile page feature in the Timeline Plugin 4.2.5p9 for SocialEngine allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in public/temporary/timeline/.
CVE-2008-6120 1 Socialengine 1 Socialengine 2024-02-04 7.5 HIGH N/A
SQL injection vulnerability in profile_comments.php in SocialEngine (SE) 2.7 and earlier allows remote attackers to execute arbitrary SQL commands via the comment_secure parameter.
CVE-2009-0400 1 Socialengine 1 Socialengine 2024-02-04 6.8 MEDIUM N/A
SQL injection vulnerability in blog.php in SocialEngine 3.06 trial allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
CVE-2008-6121 1 Socialengine 1 Socialengine 2024-02-04 7.5 HIGH N/A
CRLF injection vulnerability in SocialEngine (SE) 2.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the PHPSESSID cookie.