Published: 15/03/2010 Updated: 19/09/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote malicious users to execute arbitrary SQL commands via the codigo parameter to (1) aviso.php and (2) imprimir.php, and the (3) cod_categoria parameter to categoria.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
alexandre_amaral xoops_celepar 1.0.1

********************************************************************************************************** Xoops Celepar Module Qas Donwload of Xoops Celepar : wwwxoopsprgovbr/uploads/core/xoopscelepartargz Author: s4r4d0 mail:s4r4d0@yahoocom ********************************************************************************************* ...

########################################################################### #-----------------------------I AM MUSLIM !!------------------------------# ########################################################################### ============================================================================== _ _ _ ...

CWE-89 http://osvdb.org/56595 http://osvdb.org/56593 http://www.osvdb.org/56594 http://secunia.com/advisories/35966 http://www.securityfocus.com/bid/35820 https://exchange.xforce.ibmcloud.com/vulnerabilities/51985 http://www.exploit-db.com/exploits/9261 http://www.exploit-db.com/exploits/9249 https://nvd.nist.gov https://www.exploit-db.com/exploits/9249/

CVE-2009-4698

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect