The Real Estate Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7.1 due to insufficient restriction on the 'rem_save_profile_front' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to....
8.8CVSS
7AI Score
0.0005EPSS
SQL injection vulnerability in listing_detail.asp in Mckenzie Creations Virtual Real Estate Manager (VRM) 3.5 allows remote attackers to execute arbitrary SQL commands via the Lid...
8.7AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in index.php in Real Estate Manager 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. NOTE: some of these details are obtained from third party...
5.7AI Score
0.002EPSS
SQL injection vulnerability in manager/login.php in Pre Projects Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the username1 parameter (aka the Admin field or Username...
8.7AI Score
0.001EPSS
SQL injection vulnerability in realestate-index.php in Conkurent Real Estate Manager 1.01 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in browse...
8.4AI Score
0.018EPSS
SQL injection vulnerability in the login script in Real Estate listing website application template, when logging in as user or manager, allows remote attackers to execute arbitrary SQL commands via the Password...
8.3AI Score
0.01EPSS
SQL injection vulnerability in check.asp in Whomp Real Estate Manager XP 2005 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password...
8.6AI Score
0.004EPSS