Unrated severity · NVD Advisory · Published May 7, 2010 · Updated Apr 29, 2026
CVE-2010-1865
Description
Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the cs_getip function in generate.php in the Captcha module, or (2) the s_email parameter to the cs_sql_select function in the MySQL database driver (mysql.php).
Affected products
- cpe:2.3:a:csphere:clansphere:*:*:*:*:*:*:*:* (range: <=2009.0.3)
- cpe:2.3:a:csphere:clansphere:2007.0:*:*:*:*:*:*:*
- cpe:2.3:a:csphere:clansphere:2007.1:*:*:*:*:*:*:*
- cpe:2.3:a:csphere:clansphere:2007.2:*:*:*:*:*:*:*
- cpe:2.3:a:csphere:clansphere:2007.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:csphere:clansphere:2007.3:*:*:*:*:*:*:*
- cpe:2.3:a:csphere:clansphere:2007.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:csphere:clansphere:2007.4:*:*:*:*:*:*:*
- cpe:2.3:a:csphere:clansphere:2007.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:csphere:clansphere:2007.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:csphere:clansphere:2007.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:csphere:clansphere:2007.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:csphere:clansphere:2007:rc1:*:*:*:*:*:*
- cpe:2.3:a:csphere:clansphere:2007:rc2:*:*:*:*:*:*
- cpe:2.3:a:csphere:clansphere:2007:rc3:*:*:*:*:*:*
- cpe:2.3:a:csphere:clansphere:2008.0:*:*:*:*:*:*:*
- cpe:2.3:a:csphere:clansphere:2008.1:*:*:*:*:*:*:*
- cpe:2.3:a:csphere:clansphere:2008.2:*:*:*:*:*:*:*
- cpe:2.3:a:csphere:clansphere:2008.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:csphere:clansphere:2009.0:*:*:*:*:*:*:*
- cpe:2.3:a:csphere:clansphere:2009.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:csphere:clansphere:2009.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:csphere:clansphere:2009.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:csphere:clansphere:2009.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:csphere:clansphere:2009.0:rc3:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- php-security.org/2010/05/03/mops-2010-004-clansphere-captcha-generator-blind-sql-injection-vulnerability/index.html (nvd; Exploit)
- php-security.org/2010/05/03/mops-2010-005-clansphere-mysql-driver-generic-sql-injection-vulnerability/index.html (nvd; Exploit)
- trac.clansphere.de/csp/changeset/3803/ (nvd; Exploit, Patch)
- trac.clansphere.de/csp/changeset/3808/ (nvd; Exploit, Patch)
- osvdb.org/64320 (nvd)
- osvdb.org/64321 (nvd)
- secunia.com/advisories/39685 (nvd)
- www.csphere.eu/index/news/view/id/487/start/0 (nvd)
- www.securityfocus.com/bid/39896 (nvd)
- www.vupen.com/english/advisories/2010/1066 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/58311 (nvd)