SocialEngine SQL注入漏洞

BUGTRAQ ID: 30342 CNCAN ID：CNCAN-2008072301 SocialEngine是一款基于PHP的WEB应用程序。 SocialEngine不正确处理用户提交的输入，远程攻击者可以利用漏洞进行SQL注入攻击，可能获得敏感信息或操作数据库。 问题由于脚本对用户提交给WEB参数缺少过滤，构建恶意SQL查询作为参数数据，可更改原来的SQL逻辑，获得敏感信息或操作数据库 Social Engine Social Engine 2.81 Social Engine Social Engine 2.71 Social Engine Social Engine 2.0 可参考如下补丁： Social Engine Social Engine 2.0 Social Engine socialengine283_patch.zip <a href=http://community.socialengine.net/tutorials/socialengine283_patch.zip target=_blank>http://community.socialengine.net/tutorials/socialengine283_patch.zip</a> Social Engine Social Engine 2.81 Social Engine socialengine283_patch.zip <a href=http://community.socialengine.net/tutorials/socialengine283_patch.zip target=_blank>http://community.socialengine.net/tutorials/socialengine283_patch.zip</a> Social Engine Social Engine 2.71 Social Engine socialengine283_patch.zip <a href=http://community.socialengine.net/tutorials/socialengine283_patch.zip target=_blank>http://community.socialengine.net/tutorials/socialengine283_patch.zip</a>