CVE-2007-6462 – PHP Real Estate - 'fullnews.php?id' SQL Injection
https://notcve.org/view.php?id=CVE-2007-6462
SQL injection vulnerability in fullnews.php in PHP Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the id parameter. Vulnerabilidad de inyección SQL en el fichero fullnews.php de PHP Real Estate Classifieds, Permite que atacantes remotos ejecuten comandos SQL arbitrarios a través del parámetro id. • https://www.exploit-db.com/exploits/4737 http://phprealestatescript.com/PHPREC-121707-646PM-PATCH.zip http://secunia.com/advisories/28119 http://www.securityfocus.com/bid/26888 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2007-3160 – PHP Real Estate Classifieds - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-3160
PHP remote file inclusion vulnerability in admin/header.php in PHP Real Estate Classifieds Premium Plus allows remote attackers to execute arbitrary PHP code via a URL in the loc parameter. Vulnerabilidad de inclusión remota de archivo en PHP en PHP Real Estate Classifieds Premium Plus permite a atacantes remotos ejecutar código PHP de su elección a través de una URL en el parámetro loc. • https://www.exploit-db.com/exploits/4055 http://osvdb.org/36890 http://secunia.com/advisories/25615 http://www.securityfocus.com/bid/24399 http://www.vupen.com/english/advisories/2007/2168 https://exchange.xforce.ibmcloud.com/vulnerabilities/34790 •