SQL Injection in SocialEngine Allows Arbitrary SQL Command Execution
CVE-2009-0400

Currently unrated

Key Information:

Vendor: Socialengine
Status: Socialengine
Vendor: CVE Published:; 3 February 2009

🔔 Create Socialengine Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2009-0400?

A SQL injection vulnerability exists in the blog.php file of SocialEngine 3.06, allowing remote attackers to execute arbitrary SQL commands through manipulation of the category_id parameter. This can lead to unauthorized access to the database, data manipulation, or extraction of sensitive information. Proper validation and sanitization of user inputs are essential to mitigate this risk and safeguard the application.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2009-0400 - Proof of Concept

References

http://www.securityfocus.com/bid/33495

vdb-entryx_refsource_BID

http://secunia.com/advisories/33701

third-party-advisoryx_refsource_SECUNIA

https://www.exploit-db.com/exploits/7900

exploitx_refsource_EXPLOIT-DB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Feb 3, 2009
👾
Exploit known to exist
Feb 3, 2009
Vulnerability published
Feb 3, 2009
Vulnerability Reserved
Feb 3, 2009

CVE-2009-0400 Data

JSON