CVE-2010-1865
Summary
| CVE | CVE-2010-1865 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2010-05-07 23:00:00 UTC |
| Updated | 2017-08-17 01:32:00 UTC |
| Description | Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the cs_getip function in generate.php in the Captcha module, or (2) the s_email parameter to the cs_sql_select function in the MySQL database driver (mysql.php). |
Risk And Classification
Problem Types: CWE-89
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Csphere | Clansphere | 2007 | rc1 | All | All |
| Application | Csphere | Clansphere | 2007 | rc2 | All | All |
| Application | Csphere | Clansphere | 2007 | rc3 | All | All |
| Application | Csphere | Clansphere | 2007.0 | All | All | All |
| Application | Csphere | Clansphere | 2007.1 | All | All | All |
| Application | Csphere | Clansphere | 2007.2 | All | All | All |
| Application | Csphere | Clansphere | 2007.2.1 | All | All | All |
| Application | Csphere | Clansphere | 2007.3 | All | All | All |
| Application | Csphere | Clansphere | 2007.3.1 | All | All | All |
| Application | Csphere | Clansphere | 2007.4 | All | All | All |
| Application | Csphere | Clansphere | 2007.4.1 | All | All | All |
| Application | Csphere | Clansphere | 2007.4.2 | All | All | All |
| Application | Csphere | Clansphere | 2007.4.3 | All | All | All |
| Application | Csphere | Clansphere | 2007.4.4 | All | All | All |
| Application | Csphere | Clansphere | 2008.0 | All | All | All |
| Application | Csphere | Clansphere | 2008.1 | All | All | All |
| Application | Csphere | Clansphere | 2008.2 | All | All | All |
| Application | Csphere | Clansphere | 2008.2.1 | All | All | All |
| Application | Csphere | Clansphere | 2009.0 | All | All | All |
| Application | Csphere | Clansphere | 2009.0 | rc1 | All | All |
| Application | Csphere | Clansphere | 2009.0 | rc2 | All | All |
| Application | Csphere | Clansphere | 2009.0 | rc3 | All | All |
| Application | Csphere | Clansphere | 2009.0.1 | All | All | All |
| Application | Csphere | Clansphere | 2009.0.2 | All | All | All |
| Application | Csphere | Clansphere | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| ClanSphere Captcha Generator SQL Injection Vulnerability - Advisories - Community | SECUNIA | secunia.com | |
| Changeset 3803 – ClanSphere | CONFIRM | trac.clansphere.de | Exploit, Patch |
| 64321 | OSVDB | osvdb.org | |
| :: ClanSphere :: Free OpenSource Clan CMS :: - News - Sicherheitsfix für ClanSphere 2009 | CONFIRM | www.csphere.eu | |
| MOPS-2010-004: ClanSphere Captcha Generator Blind SQL Injection Vulnerability « the Month of PHP Security | MISC | php-security.org | Exploit |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| ClanSphere Multiple SQL Injection Vulnerabilities | BID | www.securityfocus.com | |
| Changeset 3808 – ClanSphere | CONFIRM | trac.clansphere.de | Exploit, Patch |
| MOPS-2010-005: ClanSphere MySQL Driver Generic SQL Injection Vulnerability « the Month of PHP Security | MISC | php-security.org | Exploit |
| 64320 | OSVDB | osvdb.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.