CVE-2009-4698: SQL Injection
First published: Mon Mar 15 2010(Updated: )
Multiple SQL injection vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to execute arbitrary SQL commands via the codigo parameter to (1) aviso.php and (2) imprimir.php, and the (3) cod_categoria parameter to categoria.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Alexandre Amaral Xoops Celepar | =1.0.1 | |
| Xoops Xoops |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/description
- agent/author
- agent/weakness
- agent/type
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/alexandre amaral
- canonical/alexandre amaral xoops celepar
- version/alexandre amaral xoops celepar/1.0.1
- vendor/xoops
- canonical/xoops xoops