CVE-2010-1865
07.05.2010, 23:00
Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the cs_getip function in generate.php in the Captcha module, or (2) the s_email parameter to the cs_sql_select function in the MySQL database driver (mysql.php).
| Vendor | Product | Version |
|---|---|---|
| csphere | clansphere | 𝑥 ≤ 2009.0.3 |
| csphere | clansphere | 2007.0 |
| csphere | clansphere | 2007.1 |
| csphere | clansphere | 2007.2 |
| csphere | clansphere | 2007.2.1 |
| csphere | clansphere | 2007.3 |
| csphere | clansphere | 2007.3.1 |
| csphere | clansphere | 2007.4 |
| csphere | clansphere | 2007.4.1 |
| csphere | clansphere | 2007.4.2 |
| csphere | clansphere | 2007.4.3 |
| csphere | clansphere | 2007.4.4 |
| csphere | clansphere | 2008.0 |
| csphere | clansphere | 2008.1 |
| csphere | clansphere | 2008.2 |
| csphere | clansphere | 2008.2.1 |
| csphere | clansphere | 2009.0 |
| csphere | clansphere | 2009.0:rc1 |
| csphere | clansphere | 2009.0:rc2 |
| csphere | clansphere | 2009.0:rc3 |
| csphere | clansphere | 2009.0.1 |
| csphere | clansphere | 2009.0.2 |
𝑥
= Vulnerable software versions
References