socialengine 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は vendor risk cross-site scripting、vendor risk csrf, and vendor risk ssrf に関連することが多く、vendor surface software deployment and vendor surface production workloads の文脈で vendor impact data exposure and vendor impact unexpected behavior などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-41461 | SocialEngine versions 7.8.0 and prior contain a blind server-side request forgery vulnerability in the /core/link/preview endpoint where user-supplied input passed via the uri request parameter is not sanitized before being used to construct outbound HTTP requests. Authenticated remote attackers can supply arbitrary URLs including internal network addresses and loopback addresses to cause the server to issue HTTP requests to attacker-controlled destinations, enabling internal network enumeration | [email protected] | 6.3 | 0.05% | 2026-04-23 | 2026-04-29 |
| CVE-2026-41460 | SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint where user-supplied input passed via the text parameter is not sanitized before being incorporated into a SQL query. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary data from the database, reset administrator account passwords, and gain unauthorized access to the Packages Manager in the Admin Panel, potentially enabling remote code executio | [email protected] | 9.3 | 0.46% | 2026-04-23 | 2026-04-29 |
| CVE-2012-6721 | Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) Forum, (2) Event, and (3) Classifieds plugins in SocialEngine before 4.2.4. | [email protected] | 6.3 | 0.05% | 2020-02-11 | 2024-11-21 |
| CVE-2012-6720 | Multiple cross-site scripting (XSS) vulnerabilities in SocialEngine before 4.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to music/create, (2) location parameter to events/create, or (3) search parameter to widget/index/content_id/*. | [email protected] | 6.1 | 0.22% | 2020-02-11 | 2024-11-21 |
| CVE-2008-6121 | CRLF injection vulnerability in SocialEngine (SE) 2.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the PHPSESSID cookie. | [email protected] | 7.5 | 0.52% | 2009-02-11 | 2026-04-23 |
| CVE-2008-6120 | SQL injection vulnerability in profile_comments.php in SocialEngine (SE) 2.7 and earlier allows remote attackers to execute arbitrary SQL commands via the comment_secure parameter. | [email protected] | 7.5 | 0.35% | 2009-02-11 | 2026-04-23 |
| CVE-2009-0400 | SQL injection vulnerability in blog.php in SocialEngine 3.06 trial allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | [email protected] | 6.8 | 0.74% | 2009-02-03 | 2026-04-23 |