CVE-2009-4698

EPSS 1.7%

Multiple SQL injection vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to execute arbitrary SQL commands via the codigo parameter to (1) aviso.php and (2) imprimir.php, and the (3) cod_categoria parameter to categoria.php.

Affected products

n/a · n/a

public PoCs found — 4

cve_referencewww.exploit-db.com/exploits/9249unverified cve_referencewww.exploit-db.com/exploits/9261unverified exploitdbwww.exploit-db.com/exploits/9249unverified exploitdbwww.exploit-db.com/exploits/9261unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://osvdb.org/56593 http://osvdb.org/56595 http://secunia.com/advisories/35966 https://exchange.xforce.ibmcloud.com/vulnerabilities/51985 http://www.exploit-db.com/exploits/9249 http://www.exploit-db.com/exploits/9261 http://www.osvdb.org/56594 http://www.securityfocus.com/bid/35820