CVE-2010-1865

Name of the Vulnerable Software and Affected Versions ClanSphere versions 2009.0.3 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the IP address to the cs getip function in generate.php within the Captcha module, or through the s email parameter to the cs sql select function in the MySQL database driver (mysql.php).

Recommendations For ClanSphere versions 2009.0.3 and earlier, as a temporary workaround, consider restricting access to the Captcha module and the MySQL database driver until a patch is available. Avoid using the s email parameter in the affected MySQL database driver until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.