csphere CVE Vulnerabilities & Metrics

Focus on csphere vulnerabilities and metrics.

Last updated: 26 Nov 2025, 23:25 UTC

About csphere Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with csphere. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

Global CVE Overview

Total csphere CVEs: 5
Earliest CVE date: 07 May 2010, 23:00 UTC
Latest CVE date: 05 Aug 2025, 20:15 UTC

Latest CVE reference: CVE-2012-10034

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical csphere CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 3.63

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range Count
0.0-3.9 2
4.0-6.9 4
7.0-8.9 1
9.0-10.0 0

CVSS Distribution Chart

Top 5 Highest CVSS csphere CVEs

These are the five CVEs with the highest CVSS scores for csphere, sorted by severity first and then by recency.

All CVEs for csphere

CVE-2012-10034 csphere vulnerability CVSS: 0 05 Aug 2025, 20:15 UTC

ClanSphere 2011.3 is vulnerable to a local file inclusion (LFI) flaw due to improper handling of the cs_lang cookie parameter. The application fails to sanitize user-supplied input, allowing attackers to traverse directories and read arbitrary files outside the web root. The vulnerability is further exacerbated by null byte injection (%00) to bypass file extension checks.

CVE-2022-43119 csphere vulnerability CVSS: 0 09 Nov 2022, 16:15 UTC

A cross-site scripting (XSS) vulnerability in Clansphere CMS v2011.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username parameter.

CVE-2021-27310 csphere vulnerability CVSS: 4.3 23 Mar 2021, 14:15 UTC

Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "language" parameter.

CVE-2021-27309 csphere vulnerability CVSS: 4.3 23 Mar 2021, 14:15 UTC

Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "module" parameter.

CVE-2014-100010 csphere vulnerability CVSS: 4.3 13 Jan 2015, 11:59 UTC

Cross-site scripting (XSS) vulnerability in ClanSphere 2011.4 allows remote attackers to inject arbitrary web script or HTML via the where parameter in a list action to index.php.

CVE-2011-3714 csphere vulnerability CVSS: 5.0 23 Sep 2011, 23:55 UTC

ClanSphere 2010.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by mods/board/attachment.php.

CVE-2010-1865 csphere vulnerability CVSS: 7.5 07 May 2010, 23:00 UTC

Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the cs_getip function in generate.php in the Captcha module, or (2) the s_email parameter to the cs_sql_select function in the MySQL database driver (mysql.php).