Lucene search

PRIOn knowledge basePRION:CVE-2010-1865

HistoryMay 07, 2010 - 11:00 p.m.

Sql injection

2010-05-0723:00:00

PRIOn knowledge base

www.prio-n.com

9.3 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.7%

JSON

Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the cs_getip function in generate.php in the Captcha module, or (2) the s_email parameter to the cs_sql_select function in the MySQL database driver (mysql.php).

CPENameOperatorVersion
clansphereeq2007.4.3
clansphereeq2007.4.1
clansphereeq2008.2.1
clansphereeq2007.0
clansphereeq2008.1
clansphereeq2007.4.4
clansphereeq2007 rc2
clansphereeq2009.0
clansphereeq2007.3.1
clansphereeq2007.4.2

Name	Operator	Version
clansphere	eq	2007.4.3
clansphere	eq	2007.4.1
clansphere	eq	2008.2.1
clansphere	eq	2007.0
clansphere	eq	2008.1
clansphere	eq	2007.4.4
clansphere	eq	2007 rc2
clansphere	eq	2009.0
clansphere	eq	2007.3.1
clansphere	eq	2007.4.2

Rows per page:

1-10 of 251

References

osvdb.org/64320

osvdb.org/64321

php-security.org/2010/05/03/mops-2010-004-clansphere-captcha-generator-blind-sql-injection-vulnerability/index.html

php-security.org/2010/05/03/mops-2010-005-clansphere-mysql-driver-generic-sql-injection-vulnerability/index.html

secunia.com/advisories/39685

trac.clansphere.de/csp/changeset/3803/

trac.clansphere.de/csp/changeset/3808/

www.csphere.eu/index/news/view/id/487/start/0

www.securityfocus.com/bid/39896

www.vupen.com/english/advisories/2010/1066

exchange.xforce.ibmcloud.com/vulnerabilities/58311