Lucene search

[email protected]CVE-2012-4279

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-4279

2022-10-0316:15:32

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

free realty

remote attackers

arbitrary commands

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

51.4%

JSON

Multiple SQL injection vulnerabilities in Free Realty 3.1-0.6 allow remote attackers to execute arbitrary SQL commands via the (1) view parameter to agentdisplay.php or (2) edit parameter to admin/admin.php.

Affected configurations

NVD

Node

rwcincfree_realtyMatch3.1-0.6

CPENameOperatorVersion
rwcinc:free_realtyrwcinc free realtyeq3.1-0.6

CPE	Name	Operator	Version
rwcinc:free_realty	rwcinc free realty	eq	3.1-0.6

References

secunia.com/advisories/49132

www.exploit-db.com/exploits/18874

www.securityfocus.com/bid/53491

www.vulnerability-lab.com/get_content.php?id=513

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

51.4%

JSON

Related for CVE-2012-4279

nvd1 prion1 cvelist1