Upgrade Your SocialEngine Website to 4.10.3p5 for Critical Security Patch
A critical security patch has been released by SocialEngine '4.10.3p5', this patch fixes a CSRF vulnerability which allows someone with advanced knowledge the ability to take over an account by changing the email if the website allows HTML and if advanced code were injected to the website due to allowing HTML or iframes. So, SocialEngine recommends not allowing members to add iframes and only allowing HTML to be used by trusted members. This vulnerability issue exists in the current version of SocialEngine PHP as well as in the older versions. So, we would recommend to get this patch applied on an urgent basis.
To get this patch applied on your website, you may opt for our Upgrade to SocialEngine PHP 4.10.3p5 service. Even if your SocialEngine PHP website has customisations, you need not worry about getting the changes overwritten as we will be taking care of this while applying the patch to the website under this service. The customisation done will remain intact even after applying this patch.
To read official blog post of SocialEngine, please visit: http://blog.socialengine.com/2019/01/03/socialengine-php-4-10-3p5-security-release
If you have any Queries! Please feel free to contact us.
