6
CVE-2008-3298
- EPSS 0.57%
- Veröffentlicht 25.07.2008 13:41:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginSocialEngine (SE) before 2.83 grants certain write privileges for templates, which allows remote authenticated administrators to execute arbitrary PHP code.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Social Engine ≫ Social Engine Version <= 2.81
Social Engine ≫ Social Engine Version1.0
Social Engine ≫ Social Engine Version1.1
Social Engine ≫ Social Engine Version1.4
Social Engine ≫ Social Engine Version1.6
Social Engine ≫ Social Engine Version1.7
Social Engine ≫ Social Engine Version1.8
Social Engine ≫ Social Engine Version2.0
Social Engine ≫ Social Engine Version2.0 Updateonline_beta
Social Engine ≫ Social Engine Version2.1
Social Engine ≫ Social Engine Version2.4 Editionse
Social Engine ≫ Social Engine Version2.5
Social Engine ≫ Social Engine Version2.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.57% | 0.684 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6 | 6.8 | 6.4 |
AV:N/AC:M/Au:S/C:P/I:P/A:P
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.