CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 2CVE-2008-2881 – Relative Real Estate Systems 3.0 - 'listing_id' SQL Injection
https://notcve.org/view.php?id=CVE-2008-2881
Relative Real Estate Systems 3.0 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information. Relative Real Estate Systems 3.0 y anteriores, guarda las contraseñas en texto claro (texto sin cifrar) en una base de datos MySQL; esto permite a atacantes dependientes del contacto obtener información sensible. • https://www.exploit-db.com/exploits/5924 http://e-rdc.org/v1/news.php?readmore=101 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2005-4019 – Relative Real Estate Systems 1.2 - SQL Injection
https://notcve.org/view.php?id=CVE-2005-4019
SQL injection vulnerability in index.php in Relative Real Estate Systems 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the mls parameter. • https://www.exploit-db.com/exploits/26723 http://pridels0.blogspot.com/2005/12/relative-real-estate-systems-sql-inj.html http://secunia.com/advisories/17846 http://www.osvdb.org/21432 http://www.securityfocus.com/bid/15714 http://www.vupen.com/english/advisories/2005/2723 https://exchange.xforce.ibmcloud.com/vulnerabilities/23435 •