CVE-2008-3297

Published Jul 25, 2008

Last updated 6 years ago

CVSS info 7.5

Overview

Description: Multiple SQL injection vulnerabilities in SocialEngine (SE) before 2.83 allow remote attackers to execute arbitrary SQL commands via (1) an se_user cookie to include/class_user.php or (2) an se_admin cookie to include/class_admin.php.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-89

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:social_engine:social_engine:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1BFEAB14-2D98-42A6-890A-4FD42FF71D77",
            "versionEndIncluding": "2.81"
          },
          {
            "criteria": "cpe:2.3:a:social_engine:social_engine:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C8E5CF4B-15F0-4C59-ADCA-9CFCDA95280E"
          },
          {
            "criteria": "cpe:2.3:a:social_engine:social_engine:1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA0580D5-710E-4538-B184-F0105F547D6E"
          },
          {
            "criteria": "cpe:2.3:a:social_engine:social_engine:1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC8B9651-72B6-4C1B-ACC1-3831A4322332"
          },
          {
            "criteria": "cpe:2.3:a:social_engine:social_engine:1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6743DDD0-D0D8-4F56-92B0-FD1352403D41"
          },
          {
            "criteria": "cpe:2.3:a:social_engine:social_engine:1.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8441BA19-ACB8-4B7C-8231-51F00777278E"
          },
          {
            "criteria": "cpe:2.3:a:social_engine:social_engine:1.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D293A92-19D5-432F-BF86-B5907EA16E40"
          },
          {
            "criteria": "cpe:2.3:a:social_engine:social_engine:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EFA7193F-BA13-416C-A29B-C50977C3AD71"
          },
          {
            "criteria": "cpe:2.3:a:social_engine:social_engine:2.0:online_beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37C36CEA-CB12-4808-A3E9-38A11987BCD8"
          },
          {
            "criteria": "cpe:2.3:a:social_engine:social_engine:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ECFAC544-223F-4A4C-B5E6-7D57E6F2CD46"
          },
          {
            "criteria": "cpe:2.3:a:social_engine:social_engine:2.4:*:se:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2D15D15-278A-4A06-8C65-1D8BC89D27EA"
          },
          {
            "criteria": "cpe:2.3:a:social_engine:social_engine:2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C7D38E4-CE4D-4CA4-8022-E6C47C559E86"
          },
          {
            "criteria": "cpe:2.3:a:social_engine:social_engine:2.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B7D6F2A4-47D9-4D5C-A81F-E1316C46113C"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References