CVE-2009-4698: SQL Injection
First published: Mon Mar 15 2010(Updated: )
Multiple SQL injection vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to execute arbitrary SQL commands via the codigo parameter to (1) aviso.php and (2) imprimir.php, and the (3) cod_categoria parameter to categoria.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xoops | =1.0.1 | |
| E-xoops |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2009-4698?
CVE-2009-4698 is classified as a high severity vulnerability due to its potential to allow remote attackers to execute arbitrary SQL commands.
How do I fix CVE-2009-4698?
To fix CVE-2009-4698, update the Qas module for XOOPS Celepar to the latest version that addresses these SQL injection vulnerabilities.
What software is affected by CVE-2009-4698?
CVE-2009-4698 affects versions of the Qas module for XOOPS Celepar, specifically version 1.0.1.
What are the entry points for exploitation in CVE-2009-4698?
CVE-2009-4698 can be exploited through the codigo parameter in aviso.php and imprimir.php, and the cod_categoria parameter in categoria.php.
Can CVE-2009-4698 be exploited without authentication?
Yes, CVE-2009-4698 can be exploited by remote attackers without authentication, making it particularly dangerous.
- collector/nvd-historical
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/weakness
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/alexandre amaral
- canonical/xoops
- version/xoops/1.0.1
- vendor/xoops
- canonical/e-xoops