• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

SocialEngine HTTP Response Splitting and SQL-injection Vulnerabilities

SocialEngine is prone to an HTTP response-splitting vulnerability and an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

Attackers can leverage these issues to influence or misrepresent how web content is served, cached, or interpreted, to compromise the application, to access or modify data, or to exploit latent vulnerabilities in the underlying database.

SocialEngine 2.7 is vulnerable; other versions may also be affected.