CVE-2010-1865 Information

Feb 14, 2021 cve

Description

Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the cs_getip function in generate.php in the Captcha module or (2) the s_email parameter to the cs_sql_select function in the MySQL database driver (mysql.php).

Reference

http://osvdb.org/64320 http://osvdb.org/64321 http://php-security.org/2010/05/03/mops-2010-004-clansphere-captcha-generator-blind-sql-injection-vulnerability/index.html http://php-security.org/2010/05/03/mops-2010-005-clansphere-mysql-driver-generic-sql-injection-vulnerability/index.html http://secunia.com/advisories/39685 http://trac.clansphere.de/csp/changeset/3803/ http://trac.clansphere.de/csp/changeset/3808/ http://www.csphere.eu/index/news/view/id/487/start/0 http://www.securityfocus.com/bid/39896 http://www.vupen.com/english/advisories/2010/1066 https://exchange.xforce.ibmcloud.com/vulnerabilities/58311

Share on: