Lucene search

[email protected]CVE-2010-1708

HistoryMay 04, 2010 - 4:00 p.m.

CVE-2010-1708

2010-05-0416:00:35

CWE-89

[email protected]

web.nvd.nist.gov

cve-2010-1708

sql injection

free realty

agentadmin.php

remote attackers

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.0%

JSON

Multiple SQL injection vulnerabilities in agentadmin.php in Free Realty allow remote attackers to execute arbitrary SQL commands via the (1) login field (aka agentname parameter) or (2) password field (aka agentpassword parameter).

Affected configurations

NVD

Node

freerealty.rwcincfree_realtyMatch2.6

freerealty.rwcincfree_realtyMatch2.6.1

freerealty.rwcincfree_realtyMatch2.6.2

freerealty.rwcincfree_realtyMatch2.7pre1

freerealty.rwcincfree_realtyMatch2.7pre2

freerealty.rwcincfree_realtyMatch2.7pre3

freerealty.rwcincfree_realtyMatch2.7pre4

freerealty.rwcincfree_realtyMatch2.7pre5

freerealty.rwcincfree_realtyMatch2.7pre6

freerealty.rwcincfree_realtyMatch2.7pre7

freerealty.rwcincfree_realtyMatch2.8

freerealty.rwcincfree_realtyMatch2.8.2

freerealty.rwcincfree_realtyMatch2.8.3

freerealty.rwcincfree_realtyMatch2.8.4

freerealty.rwcincfree_realtyMatch2.8.5

freerealty.rwcincfree_realtyMatch2.8.6

freerealty.rwcincfree_realtyMatch2.8.6pre1

freerealty.rwcincfree_realtyMatch2.8.6pre2

freerealty.rwcincfree_realtyMatch2.8.6pre3

freerealty.rwcincfree_realtyMatch2.8.6-1

freerealty.rwcincfree_realtyMatch2.9pre1

freerealty.rwcincfree_realtyMatch2.9pre2

freerealty.rwcincfree_realtyMatch2.9pre2.1

freerealty.rwcincfree_realtyMatch2.9pre2.2

freerealty.rwcincfree_realtyMatch2.9pre3.0

freerealty.rwcincfree_realtyMatch2.9-0.0

freerealty.rwcincfree_realtyMatch2.9-0.1

freerealty.rwcincfree_realtyMatch2.9-0.2

freerealty.rwcincfree_realtyMatch2.9-0.3

freerealty.rwcincfree_realtyMatch2.9-0.4

freerealty.rwcincfree_realtyMatch2.9-0.5

freerealty.rwcincfree_realtyMatch2.9-0.7

freerealty.rwcincfree_realtyMatch2.9-0.7.1

freerealty.rwcincfree_realtyMatch2.9-0.7.2

freerealty.rwcincfree_realtyMatch2.9-0.7.3

freerealty.rwcincfree_realtyMatch2.9-0.7.4

freerealty.rwcincfree_realtyMatch3.0-0rc1

freerealty.rwcincfree_realtyMatch3.0-0rc2

freerealty.rwcincfree_realtyMatch3.0-0rc3

freerealty.rwcincfree_realtyMatch3.0-0rc4

freerealty.rwcincfree_realtyMatch3.0-0rc5

freerealty.rwcincfree_realtyMatch3.0-0rc6

freerealty.rwcincfree_realtyMatch3.0-0rc7

CPENameOperatorVersion
freerealty.rwcinc:free_realtyfreerealty.rwcinc free realtyeq2.6
freerealty.rwcinc:free_realtyfreerealty.rwcinc free realtyeq2.6.1
freerealty.rwcinc:free_realtyfreerealty.rwcinc free realtyeq2.6.2
freerealty.rwcinc:free_realtyfreerealty.rwcinc free realtyeq2.7
freerealty.rwcinc:free_realtyfreerealty.rwcinc free realtyeq2.8
freerealty.rwcinc:free_realtyfreerealty.rwcinc free realtyeq2.8.2
freerealty.rwcinc:free_realtyfreerealty.rwcinc free realtyeq2.8.3
freerealty.rwcinc:free_realtyfreerealty.rwcinc free realtyeq2.8.4
freerealty.rwcinc:free_realtyfreerealty.rwcinc free realtyeq2.8.5
freerealty.rwcinc:free_realtyfreerealty.rwcinc free realtyeq2.8.6

CPE	Name	Operator	Version
freerealty.rwcinc:free_realty	freerealty.rwcinc free realty	eq	2.6
freerealty.rwcinc:free_realty	freerealty.rwcinc free realty	eq	2.6.1
freerealty.rwcinc:free_realty	freerealty.rwcinc free realty	eq	2.6.2
freerealty.rwcinc:free_realty	freerealty.rwcinc free realty	eq	2.7
freerealty.rwcinc:free_realty	freerealty.rwcinc free realty	eq	2.8
freerealty.rwcinc:free_realty	freerealty.rwcinc free realty	eq	2.8.2
freerealty.rwcinc:free_realty	freerealty.rwcinc free realty	eq	2.8.3
freerealty.rwcinc:free_realty	freerealty.rwcinc free realty	eq	2.8.4
freerealty.rwcinc:free_realty	freerealty.rwcinc free realty	eq	2.8.5
freerealty.rwcinc:free_realty	freerealty.rwcinc free realty	eq	2.8.6

Rows per page:

1-10 of 241

References

packetstormsecurity.org/1004-exploits/freerealty-sql.txt

www.exploit-db.com/exploits/12411

www.securityfocus.com/bid/39712

exchange.xforce.ibmcloud.com/vulnerabilities/58193

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.0%

JSON

Related for CVE-2010-1708

cvelist1 nvd1 prion1