Tim Loshak

Researcher at Creogenic Security
#36612 of 53,633
7.5 total CVSS
Vulnerabilities · 1
PT-2008-4703
7.5
2008-07-25
Webligo Developments · Socialengine · CVE-2008-3297
Name of the Vulnerable Software and Affected Versions: SocialEngine versions prior to 2.83

Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via an `se user` cookie to the `include/class user.php` endpoint or an `se admin` cookie to the `include/class admin.php` endpoint.

Recommendations: For versions prior to 2.83, update to version 2.83 or later to resolve the issue. As a temporary workaround, consider restricting access to the `include/class user.php` and `include/class admin.php` endpoints until the update is applied. Avoid using the `se user` and `se admin` cookies in these endpoints until the issue is resolved.