Lucene search

K
cve[email protected]CVE-2010-1865
HistoryMay 07, 2010 - 11:00 p.m.

CVE-2010-1865

2010-05-0723:00:01
CWE-89
web.nvd.nist.gov
27
cve-2010-1865
sql injection
clansphere
remote attack
security vulnerability
nvd

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

69.6%

Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the cs_getip function in generate.php in the Captcha module, or (2) the s_email parameter to the cs_sql_select function in the MySQL database driver (mysql.php).

Affected configurations

NVD
Node
csphereclansphereRange2009.0.3
OR
csphereclansphereMatch2007rc1
OR
csphereclansphereMatch2007rc2
OR
csphereclansphereMatch2007rc3
OR
csphereclansphereMatch2007.0
OR
csphereclansphereMatch2007.1
OR
csphereclansphereMatch2007.2
OR
csphereclansphereMatch2007.2.1
OR
csphereclansphereMatch2007.3
OR
csphereclansphereMatch2007.3.1
OR
csphereclansphereMatch2007.4
OR
csphereclansphereMatch2007.4.1
OR
csphereclansphereMatch2007.4.2
OR
csphereclansphereMatch2007.4.3
OR
csphereclansphereMatch2007.4.4
OR
csphereclansphereMatch2008.0
OR
csphereclansphereMatch2008.1
OR
csphereclansphereMatch2008.2
OR
csphereclansphereMatch2008.2.1
OR
csphereclansphereMatch2009.0
OR
csphereclansphereMatch2009.0rc1
OR
csphereclansphereMatch2009.0rc2
OR
csphereclansphereMatch2009.0rc3
OR
csphereclansphereMatch2009.0.1
OR
csphereclansphereMatch2009.0.2

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

69.6%

Related for CVE-2010-1865