VYPR
Vendor

Clansphere

Products
1
CVEs
12
Across products
12
Status
Private

Products

1

Recent CVEs

12
  • CVE-2012-10034Aug 5, 2025
    risk 0.06cvss epss 0.01

    ClanSphere 2011.3 is vulnerable to a local file inclusion (LFI) flaw due to improper handling of the cs_lang cookie parameter. The application fails to sanitize user-supplied input, allowing attackers to traverse directories and read arbitrary files outside the web root. The…

  • CVE-2009-2438Jul 13, 2009
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in index.php in the search module in ClanSphere 2009.0 and 2009.0.2 allows remote attackers to inject arbitrary web script or HTML via the text parameter in a list action. NOTE: this might overlap CVE-2008-1399.

  • CVE-2008-0489Jan 30, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in install.php in Clansphere 2007.4.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.

  • CVE-2007-5061Sep 24, 2007
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in mods/banners/navlist.php in Clansphere 2007.4 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to index.php in a banners action.

  • CVE-2021-27309Mar 23, 2021
    risk 0.00cvss epss 0.02

    Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "module" parameter.

  • CVE-2021-27310Mar 23, 2021
    risk 0.00cvss epss 0.03

    Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "language" parameter.

  • CVE-2014-100010Jan 13, 2015
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in ClanSphere 2011.4 allows remote attackers to inject arbitrary web script or HTML via the where parameter in a list action to index.php.

  • CVE-2011-3714Sep 23, 2011
    risk 0.00cvss epss 0.01

    ClanSphere 2010.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by mods/board/attachment.php.

  • CVE-2010-1865May 7, 2010
    risk 0.00cvss epss 0.02

    Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the cs_getip function in generate.php in the Captcha module, or (2) the s_email parameter to the cs_sql_select function in…

  • CVE-2009-2345Jul 7, 2009
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in ClanSphere before 2009.0.1 allow remote attackers to execute arbitrary SQL commands via unknown parameters to the gbook module and unspecified other components.

  • CVE-2008-6470Mar 13, 2009
    risk 0.00cvss epss 0.01

    Multiple unspecified vulnerabilities in ClanSphere before 2008.2.1 allow remote attackers to obtain sensitive information, and possibly have unknown other impact, via vectors related to "javascript insert" and the (1) mods/messages/getusers.php and (2) mods/abcode/listimg.php…

  • CVE-2008-1399Mar 20, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in Clansphere 2008 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…