296,322
Total vulnerabilities in the database
Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the cs_getip function in generate.php in the Captcha module, or (2) the s_email parameter to the cs_sql_select function in the MySQL database driver (mysql.php).
| Software | From | Fixed in |
|---|---|---|
| csphere / clansphere | 2007.4.3 | 2007.4.3.x |
| csphere / clansphere | 2007.4.1 | 2007.4.1.x |
| csphere / clansphere | 2008.2.1 | 2008.2.1.x |
| csphere / clansphere | 2007.0 | 2007.0.x |
| csphere / clansphere | 2008.1 | 2008.1.x |
| csphere / clansphere | 2007.4.4 | 2007.4.4.x |
| csphere / clansphere | 2007-rc2 | 2007-rc2.x |
| csphere / clansphere | 2009.0 | 2009.0.x |
| csphere / clansphere | 2007.3.1 | 2007.3.1.x |
| csphere / clansphere | 2007.4.2 | 2007.4.2.x |
| csphere / clansphere | 2007.2 | 2007.2.x |
| csphere / clansphere | 2009.0.2 | 2009.0.2.x |
| csphere / clansphere | - | 2009.0.3.x |
| csphere / clansphere | 2007-rc3 | 2007-rc3.x |
| csphere / clansphere | 2009.0-rc1 | 2009.0-rc1.x |
| csphere / clansphere | 2007.3 | 2007.3.x |
| csphere / clansphere | 2008.2 | 2008.2.x |
| csphere / clansphere | 2008.0 | 2008.0.x |
| csphere / clansphere | 2009.0-rc2 | 2009.0-rc2.x |
| csphere / clansphere | 2009.0.1 | 2009.0.1.x |
| csphere / clansphere | 2007.4 | 2007.4.x |
| csphere / clansphere | 2007.1 | 2007.1.x |
| csphere / clansphere | 2009.0-rc3 | 2009.0-rc3.x |
| csphere / clansphere | 2007-rc1 | 2007-rc1.x |
| csphere / clansphere | 2007.2.1 | 2007.2.1.x |