CVE-2012-1112 – Open Realty 2.5.x - 'select_users_template' Local File Inclusion
https://notcve.org/view.php?id=CVE-2012-1112
Directory traversal vulnerability in Open-Realty CMS 2.5.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the select_users_template parameter to index.php.
• https://www.exploit-db.com/exploits/36910
• http://archives.neohapsis.com/archives/bugtraq/2012-03/0012.html
• http://www.openwall.com/lists/oss-security/2012/03/05/14
• http://www.openwall.com/lists/oss-security/2012/03/05/23
• http://www.securityfocus.com/bid/52296
• http://yehg.net/lab/pr0js/advisories/%5Bopen-realty_2.5.8_2.x%5D_lfi
• https://exchange.xforce.ibmcloud.com/vulnerabilities/73736
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2006-3148
https://notcve.org/view.php?id=CVE-2006-3148
SQL injection vulnerability, possibly in search.inc.php, in Open-Realty 2.3.1 allows remote attackers to execute arbitrary SQL commands via the sorttype parameter to index.php.
• http://pridels0.blogspot.com/2006/06/open-realty-sql-injection-vuln.html
• http://secunia.com/advisories/20704
• http://www.osvdb.org/26694
• http://www.securityfocus.com/bid/18545
• http://www.vupen.com/english/advisories/2006/2454
• https://exchange.xforce.ibmcloud.com/vulnerabilities/27210