Real Estate Script Security Vulnerabilities

CVE-2018-5075

Online Ticket Booking has XSS via the admin/snacks_edit.php snacks_name...

CVE-2018-5076

Online Ticket Booking has XSS via the admin/newsedit.php newstitle...

CVE-2018-5077

Online Ticket Booking has XSS via the admin/movieedit.php moviename...

CVE-2018-5073

Online Ticket Booking has CSRF via...

CVE-2018-5072

Online Ticket Booking has XSS via the admin/sitesettings.php keyword...

CVE-2018-5074

Online Ticket Booking has XSS via the admin/manageownerlist.php contact...

CVE-2018-5078

Online Ticket Booking has XSS via the admin/eventlist.php cast...

CVE-2010-1063

Multiple directory traversal vulnerabilities in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter to (1) codelib/cfg/common.inc.php, (2)...

CVE-2013-5931

SQL injection vulnerability in property_listings_detail.php in Real Estate PHP Script allows remote attackers to execute arbitrary SQL commands via the listingid...

CVE-2017-20130

A vulnerability was found in Itech Real Estate Script 3.12. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /real-estate-script/search_property.php. The manipulation of the argument property_for leads to sql injection. The attack can be...

CVE-2019-20337

In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.php news_id parameter is vulnerable to SQL...

CVE-2019-20336

In PHP Scripts Mall advanced-real-estate-script 4.0.9, the search-results.php searchtext parameter is vulnerable to...

CVE-2018-16457

PHP Scripts Mall Open Source Real-estate Script 3.6.2 allows remote attackers to list the wp-content/themes/template_dp_dec2015/img...

CVE-2018-15189

PHP Scripts Mall advanced-real-estate-script has XSS via the Name field of a...

CVE-2018-15188

PHP Scripts Mall advanced-real-estate-script 4.0.9 allows remote attackers to cause a denial of service (page structure loss) via crafted JavaScript code in the Name field of a...

CVE-2018-15187

PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via...

CVE-2018-6796

PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 has Stored XSS via every profile input...

CVE-2018-6364

SQL Injection exists in Multilanguage Real Estate MLM Script through 3.0 via the /product-list.php srch...

CVE-2017-17603

Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice...

CVE-2013-5930

Cross-site scripting (XSS) vulnerability in search_residential.php in Real Estate PHP Script allows remote attackers to inject arbitrary web script or HTML via the bos...

CVE-2011-3393

Multiple cross-site scripting (XSS) vulnerabilities in findagent.php in MYRE Real Estate Software allow remote attackers to inject arbitrary web script or HTML via the (1) country1, (2) state1, or (3) city1...

CVE-2010-3607

Cross-site scripting (XSS) vulnerability in AGENTS/index.php in NetArt MEDIA Real Estate Portal 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the id...

CVE-2010-1062

Directory traversal vulnerability in codelib/sys/common.inc.php in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter. NOTE: some of these details are...

CVE-2009-4478

Multiple cross-site scripting (XSS) vulnerabilities in Xstate Real Estate 1.0 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) home.html or (2)...

CVE-2009-4318

Cross-site scripting (XSS) vulnerability in index.php in Real Estate Manager 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. NOTE: some of these details are obtained from third party...

CVE-2008-6818

Mole Group Real Estate Script 1.1 and earlier stores passwords in cleartext, which allows context-dependent attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

CVE-2008-3123

SQL injection vulnerability in index.php in Mole Group Real Estate Script 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the listing_id parameter in a listings...

CVE-2008-2443

SQL injection vulnerability in dpage.php in The Real Estate Script allows remote attackers to execute arbitrary SQL commands via the docID...

CVE-2007-4111

SQL injection vulnerability in the login script in Real Estate listing website application template, when logging in as user or manager, allows remote attackers to execute arbitrary SQL commands via the Password...