top of page
perceptive_background_267k.jpg

SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint where user-supplied input passed via t…

Published:

22 April 2026 at 22:00:00

Alert date:

23 April 2026 at 17:04:31

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies

SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint where the text parameter is not properly sanitized. Unauthenticated remote attackers can exploit this to read arbitrary database data, reset administrator passwords, and gain unauthorized access to the Admin Panel's Packages Manager. This access potentially enables remote code execution on affected systems. The vulnerability affects the activity index endpoint and allows complete compromise of SocialEngine installations.

Technical details

Mitigation steps:

Affected products:

SocialEngine

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-41460
https://karmainsecurity.com/KIS-2026-08
https://socialengine.com
https://www.vulncheck.com/advisories/socialengine-sql-injection-via-activity-index-get-memberall
https://karmainsecurity.com/pocs/CVE-2026-41460.php

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page