Vulnerability Details CVE-2009-4698
Multiple SQL injection vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to execute arbitrary SQL commands via the codigo parameter to (1) aviso.php and (2) imprimir.php, and the (3) cod_categoria parameter to categoria.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.02
EPSS Ranking 82.5%
CVSS Severity
CVSS v2 Score 7.5
References
- http://osvdb.org/56593
- http://osvdb.org/56595
- http://secunia.com/advisories/35966
- http://www.exploit-db.com/exploits/9249
- http://www.exploit-db.com/exploits/9261
- http://www.osvdb.org/56594
- http://www.securityfocus.com/bid/35820
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51985
- http://osvdb.org/56593
- http://osvdb.org/56595
- http://secunia.com/advisories/35966
- http://www.exploit-db.com/exploits/9249
- http://www.exploit-db.com/exploits/9261
- http://www.osvdb.org/56594
- http://www.securityfocus.com/bid/35820
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51985
Products affected by CVE-2009-4698
-
cpe:2.3:a:alexandre_amaral:xoops_celepar:1.0.1
-
cpe:2.3:a:xoops:xoops:2.5.10
-
cpe:2.3:a:xoops:xoops:2.5.6
-
cpe:2.3:a:xoops:xoops:2.5.7
-
cpe:2.3:a:xoops:xoops:2.5.7.2
-
cpe:2.3:a:xoops:xoops:2.5.7.3
-
cpe:2.3:a:xoops:xoops:2.5.8
-
cpe:2.3:a:xoops:xoops:2.5.8.1