CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2008-6011 – SG Real Estate Portal 2.0 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2008-6011
SQL injection vulnerability in index.php in SG Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter. Vulnerabilidad de inyección SQL en index.php de SG Real Estate Portal v2.0, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro page_id (identificador de página). • https://www.exploit-db.com/exploits/6634 https://www.exploit-db.com/exploits/6631 http://www.securityfocus.com/bid/31489 https://exchange.xforce.ibmcloud.com/vulnerabilities/45568 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 2CVE-2008-6010 – SG Real Estate Portal 2.0 - Blind SQL Injection / Local File Inclusion
https://notcve.org/view.php?id=CVE-2008-6010
Multiple directory traversal vulnerabilities in SG Real Estate Portal 2.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) mod, (2) page, or (3) lang parameter to index.php; or the (4) action or (5) folder parameter in a security request to admin/index.php. Múltiples vulnerabilidades de salto de directorio en SG Real Estate Portal 2.0 que permite a los atacantes remotos leer arbitrariamente archivos a través de .. (punto punto) en parámetros (1) mod, (2) page, o (3) lang para index.php; o los parámetros (4) action o (5) folder en una petición de seguridad a admin/index.php. • https://www.exploit-db.com/exploits/6631 http://www.securityfocus.com/bid/31489 https://exchange.xforce.ibmcloud.com/vulnerabilities/45569 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 2CVE-2008-6009 – SG Real Estate Portal 2.0 - Insecure Cookie Handling
https://notcve.org/view.php?id=CVE-2008-6009
SG Real Estate Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the Auth cookie to 1. SG Real Estate Portal v2.0 permite a atacantes remotos evitar la autenticación y obtener acceso de administrador configurando la cookie Auth a 1. • https://www.exploit-db.com/exploits/6635 http://www.securityfocus.com/bid/31500 https://exchange.xforce.ibmcloud.com/vulnerabilities/45577 • CWE-287: Improper Authentication •