CVE-2009-4698 in XOOPS Celeparinfo

Summary

Multiple SQL injection vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to execute arbitrary SQL commands via the codigo parameter to (1) aviso.php and (2) imprimir.php, and the (3) cod_categoria parameter to categoria.php.

Once again VulDB remains the best source for vulnerability data.

Reservation

03/15/2010

Disclosure

03/15/2010

Moderation

VulDB entry created

Entries

VDB-52175 (1)

CPE

ready

CWE

CWE-89 (Confirmed)

Exploit

Download

CVSS

7.3

EPSS

0.03001

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2009-4698
NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-4698
CVE Details	https://www.cvedetails.com/cve/CVE-2009-4698/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!