CVE-2009-4698 Information

Description

Multiple SQL injection vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to execute arbitrary SQL commands via the codigo parameter to (1) aviso.php and (2) imprimir.php and the (3) cod_categoria parameter to categoria.php.

Reference

http://osvdb.org/56593 http://osvdb.org/56595 http://secunia.com/advisories/35966 http://www.exploit-db.com/exploits/9249 http://www.exploit-db.com/exploits/9261 http://www.osvdb.org/56594 http://www.securityfocus.com/bid/35820 https://exchange.xforce.ibmcloud.com/vulnerabilities/51985