Lucene search
HistoryMar 15, 2010 - 9:30 p.m.
CVE-2009-4698
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.5
Confidence
Low
EPSS
0.003
Percentile
68.2%
Multiple SQL injection vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to execute arbitrary SQL commands via the codigo parameter to (1) aviso.php and (2) imprimir.php, and the (3) cod_categoria parameter to categoria.php.
Affected configurations
Node
alexandre_amaralxoops_celeparMatch1.0.1
xoopsxoops
| Vendor | Product | Version | CPE |
|---|---|---|---|
| alexandre_amaral | xoops_celepar | 1.0.1 | cpe:2.3:a:alexandre_amaral:xoops_celepar:1.0.1:*:*:*:*:*:*:* |
| xoops | xoops | * | cpe:2.3:a:xoops:xoops:*:*:*:*:*:*:*:* |
Related
prion
prion
Sql injection
2010-03-15 21:30:00
exploitdb
exploitdb
XOOPS Celepar Module Qas - Blind SQL Injection / Cross-Site Scripting
2009-07-27 00:00:00
XOOPS Celepar Module Qas - 'codigo' SQL Injection
2009-07-24 00:00:00
cve
cve
CVE-2009-4698
2010-03-15 21:30:00
cvelist
cvelist
CVE-2009-4698
2010-03-15 21:00:00
openvas
openvas
Xoops Celepar <= 2.2.4 Multiple Vulnerabilities - Active Check
2010-03-23 00:00:00
Xoops Celepar Multiple Vulnerabilities
2010-03-23 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.5
Confidence
Low
EPSS
0.003
Percentile
68.2%
Related for NVD:CVE-2009-4698