CVE-2010-1865

NONE EPSS 75.0%
Published May 7, 2010 (16y ago) · Modified Jun 16, 2026 (2w ago)

Description

Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the cs_getip function in generate.php in the Captcha module, or (2) the s_email parameter to the cs_sql_select function in the MySQL database driver (mysql.php).

Threat Intelligence

EPSS Exploit Probability
75.0% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-89 SQL Injection

Affected Products 25

Vendor   Product     Version   Range
csphere  clansphere  *         ≤2009.0.3
csphere  clansphere  2007      any
csphere  clansphere  2007      any
csphere  clansphere  2007      any
csphere  clansphere  2007.0    any
csphere  clansphere  2007.1    any
csphere  clansphere  2007.2    any
csphere  clansphere  2007.2.1  any
csphere  clansphere  2007.3    any
csphere  clansphere  2007.3.1  any
csphere  clansphere  2007.4    any
csphere  clansphere  2007.4.1  any
csphere  clansphere  2007.4.2  any
csphere  clansphere  2007.4.3  any
csphere  clansphere  2007.4.4  any
csphere  clansphere  2008.0    any
csphere  clansphere  2008.1    any
csphere  clansphere  2008.2    any
csphere  clansphere  2008.2.1  any
csphere  clansphere  2009.0    any
csphere  clansphere  2009.0    any
csphere  clansphere  2009.0    any
csphere  clansphere  2009.0    any
csphere  clansphere  2009.0.1  any
csphere  clansphere  2009.0.2  any

References 11

  • osvdb.org http://osvdb.org/64320
  • osvdb.org http://osvdb.org/64321
  • php-security.org http://php-security.org/2010/05/03/mops-2010-004-clansphere-captcha-generator-blind-sql-injection-vulnerability/index.html
    Exploit
  • php-security.org http://php-security.org/2010/05/03/mops-2010-005-clansphere-mysql-driver-generic-sql-injection-vulnerability/index.html
    Exploit
  • secunia.com http://secunia.com/advisories/39685
  • trac.clansphere.de http://trac.clansphere.de/csp/changeset/3803/
    Exploit, Patch
  • trac.clansphere.de http://trac.clansphere.de/csp/changeset/3808/
    Exploit, Patch
  • csphere.eu http://www.csphere.eu/index/news/view/id/487/start/0
  • securityfocus.com http://www.securityfocus.com/bid/39896
  • vupen.com http://www.vupen.com/english/advisories/2010/1066
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/58311

Remediation