CVSS: 9.8EPSS: 7%CPEs: 3EXPL: 6CVE-2012-1112 – Open Realty 2.5.x - 'select_users_template' Local File Inclusion
https://notcve.org/view.php?id=CVE-2012-1112
06 Sep 2012 — Directory traversal vulnerability in Open-Realty CMS 2.5.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the select_users_template parameter to index.php. Vulnerabilidad de directorio transversal en Open-Realty CMS v2.5.8 y anteriores permite a atacantes remotos incluir y ejecutar archivos locales a través de un .. (punto punto) en el parámetro select_users_template a index.php. • https://www.exploit-db.com/exploits/36910 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2007-0490
https://notcve.org/view.php?id=CVE-2007-0490
25 Jan 2007 — index.php in Open-Realty 2.3.4 allows remote attackers to obtain sensitive information (the full path) via an invalid listingID parameter in a listingview action. index.php en el Open-Realty 2.3.4 permite a atacantes remotos la obtención de información sensible (la ruta completa) a través del parámetro no válido listingID en la acción listingview. • http://www.securityfocus.com/archive/1/457676/100/0/threaded •