cvebase

Csphere Clansphere vulnerabilities

7 known vulnerabilities affecting csphere/clansphere.

Total CVEs: 7
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 5

Vulnerabilities

CVE-2012-10034 | P3 | HIGH | CVSS 7.5 | PoC | v2011.3 | 2025-08-05
CWE-22: ClanSphere 2011.3 is vulnerable to a local file inclusion (LFI) flaw due to improper handling of the cs_lang cookie parameter. The application fails to sanitize user-supplied input, allowing attackers to traverse directories and read arbitrary files outside the web root. The vulnerability is further exacerbated by null byte injection (%00) to bypass fi
Source: nvd

CVE-2021-27310 | P3 | MEDIUM | CVSS 6.1 | PoC | v2011.4 | 2021-03-23
CWE-79: Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "language" parameter.
Source: nvd

CVE-2021-27309 | P3 | MEDIUM | CVSS 6.1 | PoC | v2011.4 | 2021-03-23
CWE-79: Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "module" parameter.
Source: nvd

CVE-2010-1865 | P3 | HIGH | CVSS 7.5 | ≤ 2009.0.3 | v2007 | +18 more | 2010-05-07
CWE-89: Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the cs_getip function in generate.php in the Captcha module, or (2) the s_email parameter to the cs_sql_select function in the MySQL database driver (mysql.php).
Source: nvd

CVE-2022-43119 | P4 | MEDIUM | CVSS 6.1 | v2011.4 | 2022-11-09
CWE-79: A cross-site scripting (XSS) vulnerability in Clansphere CMS v2011.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username parameter.
Source: nvd

CVE-2014-100010 | P4 | MEDIUM | CVSS 4.3 | v2011.4 | 2015-01-13
CWE-79: Cross-site scripting (XSS) vulnerability in ClanSphere 2011.4 allows remote attackers to inject arbitrary web script or HTML via the where parameter in a list action to index.php.
Source: nvd

CVE-2011-3714 | P4 | MEDIUM | CVSS 5.0 | v2010.0 | 2011-09-23
CWE-200: ClanSphere 2010.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by mods/board/attachment.php.
Source: nvd