3 results (0.008 seconds)

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 3

SQL injection vulnerability in index.php in Relative Real Estate Systems 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the listing_id parameter in a listings action. Vulnerabilidad de inyección SQL en index.php de Relative Real Estate Systems 3.0 y versiones anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro listing_id en una acción listings. • https://www.exploit-db.com/exploits/5924 http://e-rdc.org/v1/news.php?readmore=101 http://securityreason.com/securityalert/4002 http://www.securityfocus.com/archive/1/493663/100/0/threaded http://www.securityfocus.com/bid/29915 http://www.vupen.com/english/advisories/2008/1926/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43316 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 2

Relative Real Estate Systems 3.0 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information. Relative Real Estate Systems 3.0 y anteriores, guarda las contraseñas en texto claro (texto sin cifrar) en una base de datos MySQL; esto permite a atacantes dependientes del contacto obtener información sensible. • https://www.exploit-db.com/exploits/5924 http://e-rdc.org/v1/news.php?readmore=101 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

SQL injection vulnerability in index.php in Relative Real Estate Systems 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the mls parameter. • https://www.exploit-db.com/exploits/26723 http://pridels0.blogspot.com/2005/12/relative-real-estate-systems-sql-inj.html http://secunia.com/advisories/17846 http://www.osvdb.org/21432 http://www.securityfocus.com/bid/15714 http://www.vupen.com/english/advisories/2005/2723 https://exchange.xforce.ibmcloud.com/vulnerabilities/23435 •