SQL Injection Vulnerability in SocialEngine by Webligo Developments
CVE-2008-6120

Currently unrated

Key Information:

Vendor: Socialengine
Status: Socialengine
Vendor: CVE Published:; 11 February 2009

🔔 Create Socialengine Vulnerability Alert

What is CVE-2008-6120?

A SQL injection flaw exists in the profile_comments.php file of SocialEngine versions up to 2.7, allowing remote attackers to issue arbitrary SQL commands through the 'comment_secure' parameter. This vulnerability can lead to unauthorized access to sensitive data and manipulation of the backend database, highlighting the need for rigorous input validation and security practices in web applications.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/46770

vdb-entryx_refsource_XF

http://marc.info/?l=bugtraq&m=122720734728665&w=2

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/32382

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 11, 2009
Vulnerability Reserved
Feb 11, 2009

CVE-2008-6120 Data

JSON