Описание
Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the cs_getip function in generate.php in the Captcha module, or (2) the s_email parameter to the cs_sql_select function in the MySQL database driver (mysql.php).
Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the cs_getip function in generate.php in the Captcha module, or (2) the s_email parameter to the cs_sql_select function in the MySQL database driver (mysql.php).
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2010-1865
- https://exchange.xforce.ibmcloud.com/vulnerabilities/58311
- http://osvdb.org/64320
- http://osvdb.org/64321
- http://php-security.org/2010/05/03/mops-2010-004-clansphere-captcha-generator-blind-sql-injection-vulnerability/index.html
- http://php-security.org/2010/05/03/mops-2010-005-clansphere-mysql-driver-generic-sql-injection-vulnerability/index.html
- http://secunia.com/advisories/39685
- http://trac.clansphere.de/csp/changeset/3803
- http://trac.clansphere.de/csp/changeset/3808
- http://www.csphere.eu/index/news/view/id/487/start/0
- http://www.securityfocus.com/bid/39896
- http://www.vupen.com/english/advisories/2010/1066
Связанные уязвимости
Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the cs_getip function in generate.php in the Captcha module, or (2) the s_email parameter to the cs_sql_select function in the MySQL database driver (mysql.php).