Description
Multiple SQL injection vulnerabilities in the insert_to_pastebin function in php/cccp-admin/inc/functions.php in CCCP Community Clan Portal Pastebin before 2.80 allow remote attackers to execute arbitrary SQL commands via the (1) subject, (2) language, and (3) nickname parameters to php/cccp-pages/submit.php. NOTE: some of these details are obtained from third party information.
Affected products
- cccp-common-clan-portal-pasterbin / cccp_pastebin 2.70
- cccp-common-clan-portal-pasterbin / cccp_pastebin 2.10 – 2.10
- cccp-common-clan-portal-pasterbin / cccp_pastebin 2.20 – 2.20
- cccp-common-clan-portal-pasterbin / cccp_pastebin 2.30 – 2.30
- cccp-common-clan-portal-pasterbin / cccp_pastebin 2.40 – 2.40
- cccp-common-clan-portal-pasterbin / cccp_pastebin 2.50 – 2.50
- cccp-common-clan-portal-pasterbin / cccp_pastebin 2.60 – 2.60
References
- MISC: http://www.securityfocus.com/bid/34264
- MISC: http://sourceforge.net/project/shownotes.php?release_id=670960
- MISC: http://jcsfog.cvs.sourceforge.net/viewvc/jcsfog/CCCP-Pastebin/php/cccp-admin/inc/functions.php?r1=1.10&r2=1.11
- MISC: https://exchange.xforce.ibmcloud.com/vulnerabilities/49426
- VENDOR_ADVISORY: http://secunia.com/advisories/34474