CVE-2009-4698
Summary
| CVE | CVE-2009-4698 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2010-03-15 21:30:00 UTC |
| Updated | 2017-09-19 01:30:00 UTC |
| Description | Multiple SQL injection vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to execute arbitrary SQL commands via the codigo parameter to (1) aviso.php and (2) imprimir.php, and the (3) cod_categoria parameter to categoria.php. |
Risk And Classification
Problem Types: CWE-89
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Alexandre Amaral | Xoops Celepar | 1.0.1 | All | All | All |
| Application | Xoops | Xoops | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| CELEPAR Xoops Celepar Module Multiple SQL Injection and Cross Site Scripting Vulnerabilities | BID | www.securityfocus.com | Exploit |
| 56593 | OSVDB | osvdb.org | |
| Xoops Celepar Module Qas (codigo) SQL Injection Vulnerability | EXPLOIT-DB | www.exploit-db.com | |
| XOOPS Celepar Module Qas (bSQL/XSS) Multiple Remote Vulnerabilities | EXPLOIT-DB | www.exploit-db.com | |
| 56594 | OSVDB | www.osvdb.org | |
| Xoops Celepar Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| 56595 | OSVDB | osvdb.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.