Lucene search

[email protected]CVE-2010-1865

HistoryMay 07, 2010 - 11:00 p.m.

CVE-2010-1865

2010-05-0723:00:01

CWE-89

[email protected]

web.nvd.nist.gov

cve-2010-1865

sql injection

clansphere

remote attack

security vulnerability

nvd

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

69.6%

JSON

Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the cs_getip function in generate.php in the Captcha module, or (2) the s_email parameter to the cs_sql_select function in the MySQL database driver (mysql.php).

Affected configurations

NVD

Node

csphereclansphereRange≤2009.0.3

csphereclansphereMatch2007rc1

csphereclansphereMatch2007rc2

csphereclansphereMatch2007rc3

csphereclansphereMatch2007.0

csphereclansphereMatch2007.1

csphereclansphereMatch2007.2

csphereclansphereMatch2007.2.1

csphereclansphereMatch2007.3

csphereclansphereMatch2007.3.1

csphereclansphereMatch2007.4

csphereclansphereMatch2007.4.1

csphereclansphereMatch2007.4.2

csphereclansphereMatch2007.4.3

csphereclansphereMatch2007.4.4

csphereclansphereMatch2008.0

csphereclansphereMatch2008.1

csphereclansphereMatch2008.2

csphereclansphereMatch2008.2.1

csphereclansphereMatch2009.0

csphereclansphereMatch2009.0rc1

csphereclansphereMatch2009.0rc2

csphereclansphereMatch2009.0rc3

csphereclansphereMatch2009.0.1

csphereclansphereMatch2009.0.2

CPENameOperatorVersion
csphere:clanspherecsphere clanspherele2009.0.3
csphere:clanspherecsphere clansphereeq2007
csphere:clanspherecsphere clansphereeq2007.0
csphere:clanspherecsphere clansphereeq2007.1
csphere:clanspherecsphere clansphereeq2007.2
csphere:clanspherecsphere clansphereeq2007.2.1
csphere:clanspherecsphere clansphereeq2007.3
csphere:clanspherecsphere clansphereeq2007.3.1
csphere:clanspherecsphere clansphereeq2007.4
csphere:clanspherecsphere clansphereeq2007.4.1

CPE	Name	Operator	Version
csphere:clansphere	csphere clansphere	le	2009.0.3
csphere:clansphere	csphere clansphere	eq	2007
csphere:clansphere	csphere clansphere	eq	2007.0
csphere:clansphere	csphere clansphere	eq	2007.1
csphere:clansphere	csphere clansphere	eq	2007.2
csphere:clansphere	csphere clansphere	eq	2007.2.1
csphere:clansphere	csphere clansphere	eq	2007.3
csphere:clansphere	csphere clansphere	eq	2007.3.1
csphere:clansphere	csphere clansphere	eq	2007.4
csphere:clansphere	csphere clansphere	eq	2007.4.1

Rows per page:

1-10 of 201

References

osvdb.org/64320

osvdb.org/64321

php-security.org/2010/05/03/mops-2010-004-clansphere-captcha-generator-blind-sql-injection-vulnerability/index.html

php-security.org/2010/05/03/mops-2010-005-clansphere-mysql-driver-generic-sql-injection-vulnerability/index.html

secunia.com/advisories/39685

trac.clansphere.de/csp/changeset/3803/

trac.clansphere.de/csp/changeset/3808/

www.csphere.eu/index/news/view/id/487/start/0

www.securityfocus.com/bid/39896

www.vupen.com/english/advisories/2010/1066

exchange.xforce.ibmcloud.com/vulnerabilities/58311

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

69.6%

JSON

Related for CVE-2010-1865

cvelist1 prion1 nvd1