Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and previous versions allow remote malicious users to execute arbitrary SQL commands via (1) the IP address to the cs_getip function in generate.php in the Captcha module, or (2) the s_email parameter to the cs_sql_select function in the MySQL database driver (mysql.php).
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
csphere clansphere 2009.0.1 |
||
csphere clansphere 2009.0 |
||
csphere clansphere 2007.4.4 |
||
csphere clansphere 2007.4.3 |
||
csphere clansphere 2007.2 |
||
csphere clansphere 2007.1 |
||
csphere clansphere 2008.2.1 |
||
csphere clansphere 2008.2 |
||
csphere clansphere 2007.4 |
||
csphere clansphere 2007.3.1 |
||
csphere clansphere 2007 |
||
csphere clansphere |
||
csphere clansphere 2009.0.2 |
||
csphere clansphere 2008.1 |
||
csphere clansphere 2008.0 |
||
csphere clansphere 2007.3 |
||
csphere clansphere 2007.2.1 |
||
csphere clansphere 2007.4.2 |
||
csphere clansphere 2007.4.1 |
||
csphere clansphere 2007.0 |
Vulmon