Webligo Developments · Socialengine · CVE-2008-3297
Name of the Vulnerable Software and Affected Versions:
SocialEngine versions prior to 2.83
Description:
Multiple SQL injection vulnerabilities allow remote attackers to execute arbitrary SQL commands. The injection can be reached via the `se_user` cookie sent to the `include/class_user.php` endpoint or the `se_admin` cookie sent to the `include/class_admin.php` endpoint.
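The following Python/sqlite3 snippet is an added illustration of the flaw class described above, not SocialEngine's code and not part of the original advisory. It models a session cookie value flowing into an SQL statement by string interpolation, beside the parameterised lookup that closes the hole, plus a defence-in-depth check that rejects cookie values outside the expected token format. The table name `se_users`, its columns, the hexadecimal token format and the sample rows are all assumptions constructed for the example.

```python
import re
import sqlite3

# Constructed schema and rows; SocialEngine's real tables and columns are not
# known from the advisory and are not reproduced here.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE se_users (user_id INTEGER, user_username TEXT, user_cookie TEXT)"
    )
    conn.executemany(
        "INSERT INTO se_users VALUES (?, ?, ?)",
        [(1, "alice", "a1f3"), (2, "bob", "9c7e")],  # constructed session tokens
    )
    return conn

def lookup_vulnerable(conn, cookie_value):
    # Deliberately insecure: the raw cookie value becomes part of the SQL text,
    # so the client controls the WHERE clause. This is the pattern the advisory
    # describes for the se_user / se_admin cookies.
    sql = "SELECT user_username FROM se_users WHERE user_cookie = '%s'" % cookie_value
    return [row[0] for row in conn.execute(sql)]

def lookup_hardened(conn, cookie_value):
    # Parameterised query: the driver passes the value separately from the SQL
    # text, so the cookie is only ever compared as an opaque string.
    sql = "SELECT user_username FROM se_users WHERE user_cookie = ?"
    return [row[0] for row in conn.execute(sql, (cookie_value,))]

# Assumed token format for the session cookie: 4 to 64 lowercase hex digits.
_TOKEN_RE = re.compile(r"^[0-9a-f]{4,64}$")

def is_well_formed_token(cookie_value):
    # Defence in depth: reject anything that cannot be a legitimate session
    # token before it reaches the database layer. This does not replace
    # parameterisation; it only narrows what an attacker can send.
    return bool(_TOKEN_RE.match(cookie_value))

def lookup_checked(conn, cookie_value):
    # Hardened lookup gated by the format check; returns [] for malformed input.
    if not is_well_formed_token(cookie_value):
        return []
    return lookup_hardened(conn, cookie_value)

if __name__ == "__main__":
    db = make_db()
    print("normal cookie, vulnerable:", lookup_vulnerable(db, "a1f3"))
    print("normal cookie, hardened:  ", lookup_hardened(db, "a1f3"))
    tautology = "' OR '1'='1"
    print("tautology, vulnerable:", lookup_vulnerable(db, tautology))
    print("tautology, hardened:  ", lookup_hardened(db, tautology))
    print("tautology, checked:   ", lookup_checked(db, tautology))
```

Running the script shows the vulnerable lookup returning every user for a tautological cookie value, while the parameterised lookup returns nothing because the same bytes are compared literally against the stored token. The format check is the programmatic form of the advisory's workaround of not trusting those cookies in the affected endpoints; the real fix remains the parameterised query and the vendor update.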
Recommendations:
For versions prior to 2.83, update to version 2.83 or later, which resolves the issue. As a temporary workaround until the update is applied, restrict access to the `include/class_user.php` and `include/class_admin.php` endpoints, and avoid relying on the `se_user` and `se_admin` cookies in those endpoints until the issue is resolved.