CVE-2010-1865
published 2010-05-07

Priority: P342
Severity: high, 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 1.75% (75.0th percentile)

Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the cs_getip function in generate.php in the Captcha module, or (2) the s_email parameter to the cs_sql_select function in the MySQL database driver (mysql.php).

Affected

20 ranges
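| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| csphere | clansphere | <= 2009.0.3 | |
| csphere | clansphere | | |
| csphere | clansphere | | |
| csphere | clansphere | | |
| csphere | clansphere | | |
| csphere | clansphere | | |
| csphere | clansphere | | |
| csphere | clansphere | | |
| csphere | clansphere | | |
| csphere | clansphere | | |
| csphere | clansphere | | |
| csphere | clansphere | | |
| csphere | clansphere | | |
| csphere | clansphere | | |
| csphere | clansphere | | |
| csphere | clansphere | | |
| csphere | clansphere | | |
| csphere | clansphere | | |
| csphere | clansphere | | |
| csphere | clansphere | | |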