Vulnerability Database

300,445

Total vulnerabilities in the database

CVE-2010-1865

Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the cs_getip function in generate.php in the Captcha module, or (2) the s_email parameter to the cs_sql_select function in the MySQL database driver (mysql.php).

  • Published: May 7, 2010
  • Updated: Nov 9, 2025
  • CVE: CVE-2010-1865
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

OWASP TOP 10:

Software From Fixed in
csphere / clansphere 2007.4.3 2007.4.3.x
csphere / clansphere 2007.4.1 2007.4.1.x
csphere / clansphere 2008.2.1 2008.2.1.x
csphere / clansphere 2007.0 2007.0.x
csphere / clansphere 2008.1 2008.1.x
csphere / clansphere 2007.4.4 2007.4.4.x
csphere / clansphere 2007-rc2 2007-rc2.x
csphere / clansphere 2009.0 2009.0.x
csphere / clansphere 2007.3.1 2007.3.1.x
csphere / clansphere 2007.4.2 2007.4.2.x
csphere / clansphere 2007.2 2007.2.x
csphere / clansphere 2009.0.2 2009.0.2.x
csphere / clansphere - 2009.0.3.x
csphere / clansphere 2007-rc3 2007-rc3.x
csphere / clansphere 2009.0-rc1 2009.0-rc1.x
csphere / clansphere 2007.3 2007.3.x
csphere / clansphere 2008.2 2008.2.x
csphere / clansphere 2008.0 2008.0.x
csphere / clansphere 2009.0-rc2 2009.0-rc2.x
csphere / clansphere 2009.0.1 2009.0.1.x
csphere / clansphere 2007.4 2007.4.x
csphere / clansphere 2007.1 2007.1.x
csphere / clansphere 2009.0-rc3 2009.0-rc3.x
csphere / clansphere 2007-rc1 2007-rc1.x
csphere / clansphere 2007.2.1 2007.2.1.x