fkie_cve-2010-1865
Vulnerability from fkie_nvd
Published
2010-05-07 23:00
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the cs_getip function in generate.php in the Captcha module, or (2) the s_email parameter to the cs_sql_select function in the MySQL database driver (mysql.php).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| csphere | clansphere | * | |
| csphere | clansphere | 2007 | |
| csphere | clansphere | 2007 | |
| csphere | clansphere | 2007 | |
| csphere | clansphere | 2007.0 | |
| csphere | clansphere | 2007.1 | |
| csphere | clansphere | 2007.2 | |
| csphere | clansphere | 2007.2.1 | |
| csphere | clansphere | 2007.3 | |
| csphere | clansphere | 2007.3.1 | |
| csphere | clansphere | 2007.4 | |
| csphere | clansphere | 2007.4.1 | |
| csphere | clansphere | 2007.4.2 | |
| csphere | clansphere | 2007.4.3 | |
| csphere | clansphere | 2007.4.4 | |
| csphere | clansphere | 2008.0 | |
| csphere | clansphere | 2008.1 | |
| csphere | clansphere | 2008.2 | |
| csphere | clansphere | 2008.2.1 | |
| csphere | clansphere | 2009.0 | |
| csphere | clansphere | 2009.0 | |
| csphere | clansphere | 2009.0 | |
| csphere | clansphere | 2009.0 | |
| csphere | clansphere | 2009.0.1 | |
| csphere | clansphere | 2009.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:csphere:clansphere:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7EF0625-4564-4A3F-B98A-B6453EE5EAC8",
"versionEndIncluding": "2009.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:csphere:clansphere:2007:rc1:*:*:*:*:*:*",
"matchCriteriaId": "AE50B38A-760E-43B9-B17A-5C47AF57E1E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:csphere:clansphere:2007:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B0EFCA36-A2CF-4E23-8B94-CAD54AF747FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:csphere:clansphere:2007:rc3:*:*:*:*:*:*",
"matchCriteriaId": "4F7251E2-D5E6-4A51-9967-25D93931D013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:csphere:clansphere:2007.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA734F8E-4CBD-4556-9C58-3326849A9B04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:csphere:clansphere:2007.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6599FE5D-70BD-45A8-AB0D-84CE51C0F7BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:csphere:clansphere:2007.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41402DCE-FD8C-47E0-A8F1-823C3F21837D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:csphere:clansphere:2007.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3ED573EC-95BC-49EE-A278-1E551F0503E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:csphere:clansphere:2007.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1CFBBCDA-240E-4232-9EA5-BEFCCF004DA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:csphere:clansphere:2007.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C212E4E-D0A3-4B29-B27C-0C1B07E8562C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:csphere:clansphere:2007.4:*:*:*:*:*:*:*",
"matchCriteriaId": "24935004-C14F-40F3-A6DA-5619765F590D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:csphere:clansphere:2007.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26D0B153-55E2-46AB-B189-57AD18EC8320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:csphere:clansphere:2007.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4FF8DE1F-3F3A-4336-A557-553FA8892DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:csphere:clansphere:2007.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "51828C8E-C8FB-4013-88D3-49B3ADFE1BB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:csphere:clansphere:2007.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "34168024-FF89-4F8A-BE21-DF70DD1C4D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:csphere:clansphere:2008.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AE20EF49-4BD3-4212-9599-683558A0D01A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:csphere:clansphere:2008.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C163EE10-D269-49DE-BF52-117161C7A88A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:csphere:clansphere:2008.2:*:*:*:*:*:*:*",
"matchCriteriaId": "906EB7CF-E437-4FC1-BC36-8C550406EB27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:csphere:clansphere:2008.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18B6F3D4-9095-489D-BC08-484F68D0ACA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:csphere:clansphere:2009.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5790D702-BE5A-4566-A068-1D4135F9CB64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:csphere:clansphere:2009.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "731A47D3-64D6-41C4-B0C3-9A5FEB5E4659",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:csphere:clansphere:2009.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "ADBEA3D6-2CCA-44EF-90C5-146DCE66477F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:csphere:clansphere:2009.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "C3DE41C5-3434-409B-8E17-A600C22A05A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:csphere:clansphere:2009.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A18C23F-0B9A-4074-88D6-A4DA5F082F97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:csphere:clansphere:2009.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9B2C43A7-3307-49A4-B523-D3D6F23AFA2E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the cs_getip function in generate.php in the Captcha module, or (2) the s_email parameter to the cs_sql_select function in the MySQL database driver (mysql.php)."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en ClanSphere v2009.0.3 y anteriores, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de (1) IP address sobre la funci\u00f3n cs_getip en generate.php en el m\u00f3dulo Captcha, o (2) el par\u00e1metro s_email sobre la funci\u00f3n cs_sql_select en el controlador de base de datos MySQL(mysql.php)."
}
],
"id": "CVE-2010-1865",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-05-07T23:00:01.797",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/64320"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/64321"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://php-security.org/2010/05/03/mops-2010-004-clansphere-captcha-generator-blind-sql-injection-vulnerability/index.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://php-security.org/2010/05/03/mops-2010-005-clansphere-mysql-driver-generic-sql-injection-vulnerability/index.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/39685"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://trac.clansphere.de/csp/changeset/3803/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://trac.clansphere.de/csp/changeset/3808/"
},
{
"source": "cve@mitre.org",
"url": "http://www.csphere.eu/index/news/view/id/487/start/0"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/39896"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2010/1066"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58311"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/64320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/64321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://php-security.org/2010/05/03/mops-2010-004-clansphere-captcha-generator-blind-sql-injection-vulnerability/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://php-security.org/2010/05/03/mops-2010-005-clansphere-mysql-driver-generic-sql-injection-vulnerability/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/39685"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://trac.clansphere.de/csp/changeset/3803/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://trac.clansphere.de/csp/changeset/3808/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.csphere.eu/index/news/view/id/487/start/0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/39896"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/1066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58311"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…