CVE-2009-4698

Qas module - SQL Injection

Description

Multiple SQL injection vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to execute arbitrary SQL commands via the codigo parameter to (1) aviso.php and (2) imprimir.php, and the (3) cod_categoria parameter to categoria.php.

Exploits (2)

exploitdb WORKING POC VERIFIED
by s4r4d0 · text · webapps · php
https://www.exploit-db.com/exploits/9249
exploitdb WRITEUP VERIFIED
by Moudi · text · webapps · php
https://www.exploit-db.com/exploits/9261

Scores

EPSS 0.0300
EPSS Percentile 86.4%

Classification

CWE
CWE-89
Status draft

Affected Products (1)

alexandre_amaral/xoops_celepar

Timeline

Published Mar 15, 2010
Tracked Since Feb 18, 2026