CVE-2010-1865 (GCVE-0-2010-1865)

Vulnerability from cvelistv5 – Published: 2010-05-07 22:00 – Updated: 2024-08-07 01:35
VLAI?
Summary
Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the cs_getip function in generate.php in the Captcha module, or (2) the s_email parameter to the cs_sql_select function in the MySQL database driver (mysql.php).
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:35:53.695Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "39685",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39685"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://php-security.org/2010/05/03/mops-2010-005-clansphere-mysql-driver-generic-sql-injection-vulnerability/index.html"
          },
          {
            "name": "ADV-2010-1066",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1066"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://trac.clansphere.de/csp/changeset/3803/"
          },
          {
            "name": "39896",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/39896"
          },
          {
            "name": "64320",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/64320"
          },
          {
            "name": "clansphere-captcha-sql-injection(58311)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58311"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://trac.clansphere.de/csp/changeset/3808/"
          },
          {
            "name": "64321",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/64321"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.csphere.eu/index/news/view/id/487/start/0"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://php-security.org/2010/05/03/mops-2010-004-clansphere-captcha-generator-blind-sql-injection-vulnerability/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-05-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the cs_getip function in generate.php in the Captcha module, or (2) the s_email parameter to the cs_sql_select function in the MySQL database driver (mysql.php)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "39685",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39685"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://php-security.org/2010/05/03/mops-2010-005-clansphere-mysql-driver-generic-sql-injection-vulnerability/index.html"
        },
        {
          "name": "ADV-2010-1066",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1066"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://trac.clansphere.de/csp/changeset/3803/"
        },
        {
          "name": "39896",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/39896"
        },
        {
          "name": "64320",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/64320"
        },
        {
          "name": "clansphere-captcha-sql-injection(58311)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58311"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://trac.clansphere.de/csp/changeset/3808/"
        },
        {
          "name": "64321",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/64321"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.csphere.eu/index/news/view/id/487/start/0"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://php-security.org/2010/05/03/mops-2010-004-clansphere-captcha-generator-blind-sql-injection-vulnerability/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1865",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the cs_getip function in generate.php in the Captcha module, or (2) the s_email parameter to the cs_sql_select function in the MySQL database driver (mysql.php)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "39685",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39685"
            },
            {
              "name": "http://php-security.org/2010/05/03/mops-2010-005-clansphere-mysql-driver-generic-sql-injection-vulnerability/index.html",
              "refsource": "MISC",
              "url": "http://php-security.org/2010/05/03/mops-2010-005-clansphere-mysql-driver-generic-sql-injection-vulnerability/index.html"
            },
            {
              "name": "ADV-2010-1066",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1066"
            },
            {
              "name": "http://trac.clansphere.de/csp/changeset/3803/",
              "refsource": "CONFIRM",
              "url": "http://trac.clansphere.de/csp/changeset/3803/"
            },
            {
              "name": "39896",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/39896"
            },
            {
              "name": "64320",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/64320"
            },
            {
              "name": "clansphere-captcha-sql-injection(58311)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58311"
            },
            {
              "name": "http://trac.clansphere.de/csp/changeset/3808/",
              "refsource": "CONFIRM",
              "url": "http://trac.clansphere.de/csp/changeset/3808/"
            },
            {
              "name": "64321",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/64321"
            },
            {
              "name": "http://www.csphere.eu/index/news/view/id/487/start/0",
              "refsource": "CONFIRM",
              "url": "http://www.csphere.eu/index/news/view/id/487/start/0"
            },
            {
              "name": "http://php-security.org/2010/05/03/mops-2010-004-clansphere-captcha-generator-blind-sql-injection-vulnerability/index.html",
              "refsource": "MISC",
              "url": "http://php-security.org/2010/05/03/mops-2010-004-clansphere-captcha-generator-blind-sql-injection-vulnerability/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-1865",
    "datePublished": "2010-05-07T22:00:00",
    "dateReserved": "2010-05-07T00:00:00",
    "dateUpdated": "2024-08-07T01:35:53.695Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:csphere:clansphere:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2009.0.3\", \"matchCriteriaId\": \"D7EF0625-4564-4A3F-B98A-B6453EE5EAC8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:csphere:clansphere:2007:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"AE50B38A-760E-43B9-B17A-5C47AF57E1E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:csphere:clansphere:2007:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0EFCA36-A2CF-4E23-8B94-CAD54AF747FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:csphere:clansphere:2007:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"4F7251E2-D5E6-4A51-9967-25D93931D013\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:csphere:clansphere:2007.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA734F8E-4CBD-4556-9C58-3326849A9B04\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:csphere:clansphere:2007.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6599FE5D-70BD-45A8-AB0D-84CE51C0F7BA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:csphere:clansphere:2007.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"41402DCE-FD8C-47E0-A8F1-823C3F21837D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:csphere:clansphere:2007.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3ED573EC-95BC-49EE-A278-1E551F0503E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:csphere:clansphere:2007.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1CFBBCDA-240E-4232-9EA5-BEFCCF004DA2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:csphere:clansphere:2007.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1C212E4E-D0A3-4B29-B27C-0C1B07E8562C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:csphere:clansphere:2007.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24935004-C14F-40F3-A6DA-5619765F590D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:csphere:clansphere:2007.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"26D0B153-55E2-46AB-B189-57AD18EC8320\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:csphere:clansphere:2007.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4FF8DE1F-3F3A-4336-A557-553FA8892DC2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:csphere:clansphere:2007.4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51828C8E-C8FB-4013-88D3-49B3ADFE1BB9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:csphere:clansphere:2007.4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"34168024-FF89-4F8A-BE21-DF70DD1C4D29\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:csphere:clansphere:2008.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AE20EF49-4BD3-4212-9599-683558A0D01A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:csphere:clansphere:2008.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C163EE10-D269-49DE-BF52-117161C7A88A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:csphere:clansphere:2008.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"906EB7CF-E437-4FC1-BC36-8C550406EB27\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:csphere:clansphere:2008.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"18B6F3D4-9095-489D-BC08-484F68D0ACA5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:csphere:clansphere:2009.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5790D702-BE5A-4566-A068-1D4135F9CB64\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:csphere:clansphere:2009.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"731A47D3-64D6-41C4-B0C3-9A5FEB5E4659\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:csphere:clansphere:2009.0:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"ADBEA3D6-2CCA-44EF-90C5-146DCE66477F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:csphere:clansphere:2009.0:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"C3DE41C5-3434-409B-8E17-A600C22A05A3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:csphere:clansphere:2009.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3A18C23F-0B9A-4074-88D6-A4DA5F082F97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:csphere:clansphere:2009.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B2C43A7-3307-49A4-B523-D3D6F23AFA2E\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the cs_getip function in generate.php in the Captcha module, or (2) the s_email parameter to the cs_sql_select function in the MySQL database driver (mysql.php).\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades de inyecci\\u00f3n SQL en ClanSphere v2009.0.3 y anteriores, permite a atacantes remotos ejecutar comandos SQL de su elecci\\u00f3n a trav\\u00e9s de (1) IP address sobre la funci\\u00f3n cs_getip en generate.php en el m\\u00f3dulo Captcha, o (2) el par\\u00e1metro s_email sobre la funci\\u00f3n cs_sql_select en el controlador de base de datos MySQL(mysql.php).\"}]",
      "id": "CVE-2010-1865",
      "lastModified": "2024-11-21T01:15:21.210",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2010-05-07T23:00:01.797",
      "references": "[{\"url\": \"http://osvdb.org/64320\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/64321\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://php-security.org/2010/05/03/mops-2010-004-clansphere-captcha-generator-blind-sql-injection-vulnerability/index.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://php-security.org/2010/05/03/mops-2010-005-clansphere-mysql-driver-generic-sql-injection-vulnerability/index.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/39685\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://trac.clansphere.de/csp/changeset/3803/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://trac.clansphere.de/csp/changeset/3808/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://www.csphere.eu/index/news/view/id/487/start/0\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/39896\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/1066\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/58311\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/64320\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/64321\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://php-security.org/2010/05/03/mops-2010-004-clansphere-captcha-generator-blind-sql-injection-vulnerability/index.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://php-security.org/2010/05/03/mops-2010-005-clansphere-mysql-driver-generic-sql-injection-vulnerability/index.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/39685\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://trac.clansphere.de/csp/changeset/3803/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://trac.clansphere.de/csp/changeset/3808/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://www.csphere.eu/index/news/view/id/487/start/0\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/39896\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/1066\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/58311\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-89\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-1865\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-05-07T23:00:01.797\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the cs_getip function in generate.php in the Captcha module, or (2) the s_email parameter to the cs_sql_select function in the MySQL database driver (mysql.php).\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en ClanSphere v2009.0.3 y anteriores, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de (1) IP address sobre la funci\u00f3n cs_getip en generate.php en el m\u00f3dulo Captcha, o (2) el par\u00e1metro s_email sobre la funci\u00f3n cs_sql_select en el controlador de base de datos MySQL(mysql.php).\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:csphere:clansphere:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2009.0.3\",\"matchCriteriaId\":\"D7EF0625-4564-4A3F-B98A-B6453EE5EAC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:csphere:clansphere:2007:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE50B38A-760E-43B9-B17A-5C47AF57E1E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:csphere:clansphere:2007:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0EFCA36-A2CF-4E23-8B94-CAD54AF747FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:csphere:clansphere:2007:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F7251E2-D5E6-4A51-9967-25D93931D013\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:csphere:clansphere:2007.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA734F8E-4CBD-4556-9C58-3326849A9B04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:csphere:clansphere:2007.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6599FE5D-70BD-45A8-AB0D-84CE51C0F7BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:csphere:clansphere:2007.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41402DCE-FD8C-47E0-A8F1-823C3F21837D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:csphere:clansphere:2007.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3ED573EC-95BC-49EE-A278-1E551F0503E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:csphere:clansphere:2007.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CFBBCDA-240E-4232-9EA5-BEFCCF004DA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:csphere:clansphere:2007.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C212E4E-D0A3-4B29-B27C-0C1B07E8562C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:csphere:clansphere:2007.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24935004-C14F-40F3-A6DA-5619765F590D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:csphere:clansphere:2007.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26D0B153-55E2-46AB-B189-57AD18EC8320\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:csphere:clansphere:2007.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FF8DE1F-3F3A-4336-A557-553FA8892DC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:csphere:clansphere:2007.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51828C8E-C8FB-4013-88D3-49B3ADFE1BB9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:csphere:clansphere:2007.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34168024-FF89-4F8A-BE21-DF70DD1C4D29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:csphere:clansphere:2008.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE20EF49-4BD3-4212-9599-683558A0D01A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:csphere:clansphere:2008.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C163EE10-D269-49DE-BF52-117161C7A88A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:csphere:clansphere:2008.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"906EB7CF-E437-4FC1-BC36-8C550406EB27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:csphere:clansphere:2008.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18B6F3D4-9095-489D-BC08-484F68D0ACA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:csphere:clansphere:2009.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5790D702-BE5A-4566-A068-1D4135F9CB64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:csphere:clansphere:2009.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"731A47D3-64D6-41C4-B0C3-9A5FEB5E4659\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:csphere:clansphere:2009.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADBEA3D6-2CCA-44EF-90C5-146DCE66477F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:csphere:clansphere:2009.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3DE41C5-3434-409B-8E17-A600C22A05A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:csphere:clansphere:2009.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A18C23F-0B9A-4074-88D6-A4DA5F082F97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:csphere:clansphere:2009.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B2C43A7-3307-49A4-B523-D3D6F23AFA2E\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/64320\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/64321\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://php-security.org/2010/05/03/mops-2010-004-clansphere-captcha-generator-blind-sql-injection-vulnerability/index.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://php-security.org/2010/05/03/mops-2010-005-clansphere-mysql-driver-generic-sql-injection-vulnerability/index.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/39685\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://trac.clansphere.de/csp/changeset/3803/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://trac.clansphere.de/csp/changeset/3808/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.csphere.eu/index/news/view/id/487/start/0\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/39896\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1066\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/58311\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/64320\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/64321\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://php-security.org/2010/05/03/mops-2010-004-clansphere-captcha-generator-blind-sql-injection-vulnerability/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://php-security.org/2010/05/03/mops-2010-005-clansphere-mysql-driver-generic-sql-injection-vulnerability/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/39685\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://trac.clansphere.de/csp/changeset/3803/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://trac.clansphere.de/csp/changeset/3808/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.csphere.eu/index/news/view/id/487/start/0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/39896\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/1066\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/58311\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.