Lucene search

[email protected]CVE-2009-4698

HistoryMar 15, 2010 - 9:30 p.m.

CVE-2009-4698

2010-03-1521:30:00

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

xoops

celepar

qas

cve-2009-4698

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.2%

JSON

Multiple SQL injection vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to execute arbitrary SQL commands via the codigo parameter to (1) aviso.php and (2) imprimir.php, and the (3) cod_categoria parameter to categoria.php.

Affected configurations

NVD

Node

alexandre_amaralxoops_celeparMatch1.0.1

AND

xoopsxoops

CPENameOperatorVersion
alexandre_amaral:xoops_celeparalexandre amaral xoops celepareq1.0.1

CPE	Name	Operator	Version
alexandre_amaral:xoops_celepar	alexandre amaral xoops celepar	eq	1.0.1

References

osvdb.org/56593

osvdb.org/56595

secunia.com/advisories/35966

www.exploit-db.com/exploits/9249

www.exploit-db.com/exploits/9261

www.osvdb.org/56594

www.securityfocus.com/bid/35820

exchange.xforce.ibmcloud.com/vulnerabilities/51985

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.2%

JSON

Related for CVE-2009-4698

cvelist1 prion1 nvd1 openvas2