CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2013-5931
https://notcve.org/view.php?id=CVE-2013-5931
SQL injection vulnerability in property_listings_detail.php in Real Estate PHP Script allows remote attackers to execute arbitrary SQL commands via the listingid parameter. Vulnerabilidad de inyección SQL en property_listings_detail.php en Real Estate PHP Script permite a atacantes remotos ejecutar comandos SQL arbritrarios a través del parámetro "listingid". • http://packetstormsecurity.com/files/123138/realestatephpscript-xss.txt • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2008-6011 – SG Real Estate Portal 2.0 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2008-6011
SQL injection vulnerability in index.php in SG Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter. Vulnerabilidad de inyección SQL en index.php de SG Real Estate Portal v2.0, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro page_id (identificador de página). • https://www.exploit-db.com/exploits/6634 https://www.exploit-db.com/exploits/6631 http://www.securityfocus.com/bid/31489 https://exchange.xforce.ibmcloud.com/vulnerabilities/45568 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 2CVE-2008-6010 – SG Real Estate Portal 2.0 - Blind SQL Injection / Local File Inclusion
https://notcve.org/view.php?id=CVE-2008-6010
Multiple directory traversal vulnerabilities in SG Real Estate Portal 2.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) mod, (2) page, or (3) lang parameter to index.php; or the (4) action or (5) folder parameter in a security request to admin/index.php. Múltiples vulnerabilidades de salto de directorio en SG Real Estate Portal 2.0 que permite a los atacantes remotos leer arbitrariamente archivos a través de .. (punto punto) en parámetros (1) mod, (2) page, o (3) lang para index.php; o los parámetros (4) action o (5) folder en una petición de seguridad a admin/index.php. • https://www.exploit-db.com/exploits/6631 http://www.securityfocus.com/bid/31489 https://exchange.xforce.ibmcloud.com/vulnerabilities/45569 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 2CVE-2008-6009 – SG Real Estate Portal 2.0 - Insecure Cookie Handling
https://notcve.org/view.php?id=CVE-2008-6009
SG Real Estate Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the Auth cookie to 1. SG Real Estate Portal v2.0 permite a atacantes remotos evitar la autenticación y obtener acceso de administrador configurando la cookie Auth a 1. • https://www.exploit-db.com/exploits/6635 http://www.securityfocus.com/bid/31500 https://exchange.xforce.ibmcloud.com/vulnerabilities/45577 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2008-4570 – Real Estate Scripts 2008 - 'cat' SQL Injection
https://notcve.org/view.php?id=CVE-2008-4570
SQL injection vulnerability in index.php in Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter. Vulnerabilidad de inyección SQL en index.php de Real Estate Classifieds permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro cat. • https://www.exploit-db.com/exploits/6736 http://secunia.com/advisories/32223 http://securityreason.com/securityalert/4418 http://www.securityfocus.com/bid/31723 https://exchange.xforce.ibmcloud.com/vulnerabilities/45819 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •