Real Estate Security Vulnerabilities
SQL Injection exists in Multilanguage Real Estate MLM Script through 3.0 via the /product-list.php srch...
9.8CVSS
9.8AI Score
0.002EPSS
Advanced Real Estate Script 4.0.7 has SQL Injection via the search-results.php Projectmain, proj_type, searchtext, sell_price, or maxprice...
9.8CVSS
9.9AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in search_residential.php in Real Estate PHP Script allows remote attackers to inject arbitrary web script or HTML via the bos...
5.9AI Score
0.002EPSS
SQL injection vulnerability in listing_detail.asp in Mckenzie Creations Virtual Real Estate Manager (VRM) 3.5 allows remote attackers to execute arbitrary SQL commands via the Lid...
8.7AI Score
0.001EPSS
Multiple cross-site scripting (XSS) vulnerabilities in findagent.php in MYRE Real Estate Software allow remote attackers to inject arbitrary web script or HTML via the (1) country1, (2) state1, or (3) city1...
5.9AI Score
0.002EPSS
SQL injection vulnerability in findagent.php in MYRE Real Estate Software allows remote attackers to execute arbitrary SQL commands via the page...
8.7AI Score
0.001EPSS
Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) city, (2) state, (3) country, (4) minprice, (5) maxprice, (6) bed, and (7) bath parameters, different vectors...
8.7AI Score
0.002EPSS
Multiple SQL injection vulnerabilities in Rae Media INC Real Estate Single and Multi Agent System 3.0 allow remote attackers to execute arbitrary SQL commands via the probe parameter to (1) multi/city.asp in the Multi Agent System and (2) resulttype.asp in the Single Agent...
8.8AI Score
0.001EPSS
Multiple directory traversal vulnerabilities in AGENTS/index.php in NetArt MEDIA Real Estate Portal 2.0 allow remote emote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) folder and (2) action...
7.5AI Score
0.004EPSS
Cross-site scripting (XSS) vulnerability in AGENTS/index.php in NetArt MEDIA Real Estate Portal 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the id...
5.4AI Score
0.001EPSS
Multiple SQL injection vulnerabilities in system_member_login.php in Infocus Real Estate Enterprise Edition allow remote attackers to execute arbitrary SQL commands via the (1) username (aka login) and (2) password parameters. NOTE: some of these details are obtained from third party...
8.9AI Score
0.001EPSS
Directory traversal vulnerability in codelib/sys/common.inc.php in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter. NOTE: some of these details are...
7.4AI Score
0.007EPSS
SQL injection vulnerability in realestate20/loginaction.php in NetArt Media Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the Email parameter (aka the username field). NOTE: some of these details are obtained from third party...
8.7AI Score
0.002EPSS
SQL injection vulnerability in page.html in Xstate Real Estate 1.0 allows remote attackers to execute arbitrary SQL commands via the pid...
8.4AI Score
0.001EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Xstate Real Estate 1.0 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) home.html or (2)...
5.8AI Score
0.003EPSS
Cross-site scripting (XSS) vulnerability in index.php in Real Estate Manager 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. NOTE: some of these details are obtained from third party...
5.7AI Score
0.002EPSS
Unrestricted file upload vulnerability in profile.php in Pre Projects Pre Real Estate Listings allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in...
7.5AI Score
0.005EPSS
Multiple SQL injection vulnerabilities in Site2Nite Real Estate Web allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field to an unspecified component, possibly agentlist.asp. NOTE: this issue was disclosed by an unreliable researcher, so it might be...
9.1AI Score
0.001EPSS
Unrestricted file upload vulnerability in PHPStore Real Estate allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a logo, then accessing it via a direct request to the file in...
7.5AI Score
0.008EPSS
Mole Group Real Estate Script 1.1 and earlier stores passwords in cleartext, which allows context-dependent attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
6.2AI Score
0.002EPSS
Multiple SQL injection vulnerabilities in login.php in Pre Projects Pre Real Estate Listings allow remote attackers to execute arbitrary SQL commands via (1) the us parameter (aka the Username field) or (2) the ps parameter (aka the Password...
8.8AI Score
0.001EPSS
SQL injection vulnerability in manager/login.php in Pre Projects Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the username1 parameter (aka the Admin field or Username...
8.7AI Score
0.001EPSS
admin/Index.php in Acc Real Estate 4.0 allows remote attackers to bypass authentication and gain administrative access by setting the username_cookie to...
7.4AI Score
0.006EPSS
SQL injection vulnerability in the re_search module in NetArtMedia Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the ad parameter to...
8.7AI Score
0.001EPSS
SG Real Estate Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the Auth cookie to...
7.4AI Score
0.017EPSS
Multiple directory traversal vulnerabilities in SG Real Estate Portal 2.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) mod, (2) page, or (3) lang parameter to index.php; or the (4) action or (5) folder parameter in a security request to...
7.1AI Score
0.003EPSS
SQL injection vulnerability in index.php in SG Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the page_id...
8.7AI Score
0.001EPSS
SQL injection vulnerability in NetArt Media Real Estate Portal 1.2 allows remote attackers to execute arbitrary SQL commands via the ad_id parameter in the re_send_email module to...
8.4AI Score
0.001EPSS
SQL injection vulnerability in admin/index.php in PG Real Estate Solution allows remote attackers to execute arbitrary SQL commands via the login_lg parameter (username). NOTE: some of these details are obtained from third party...
8.4AI Score
0.001EPSS
SQL injection vulnerability in realestate-index.php in Conkurent Real Estate Manager 1.01 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in browse...
8.4AI Score
0.018EPSS
SQL injection vulnerability in index.php in Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the cat...
8.4AI Score
0.001EPSS
SQL injection vulnerability in event_detail.php in Built2Go Real Estate Listings 1.5 allows remote attackers to execute arbitrary SQL commands via the event_id...
8.4AI Score
0.001EPSS
SQL injection vulnerability in search.php in Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the c...
8.4AI Score
0.001EPSS
SQL injection vulnerability in index.php in Relative Real Estate Systems 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the listing_id parameter in a listings...
8.3AI Score
0.003EPSS
SQL injection vulnerability in index.php in Mole Group Real Estate Script 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the listing_id parameter in a listings...
8.4AI Score
0.001EPSS
Relative Real Estate Systems 3.0 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive...
6.2AI Score
0.002EPSS
SQL injection vulnerability in dpage.php in The Real Estate Script allows remote attackers to execute arbitrary SQL commands via the docID...
8.4AI Score
0.001EPSS
Multiple SQL injection vulnerabilities in default.asp in Site2Nite allow remote attackers to execute arbitrary SQL commands via the (1) txtUserName and (2) txtPassword parameters. NOTE: some of these details are obtained from third party...
8.5AI Score
0.002EPSS
SQL injection vulnerability in fullnews.php in PHP Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the id...
8.5AI Score
0.001EPSS
SQL injection vulnerability in the login script in Real Estate listing website application template, when logging in as user or manager, allows remote attackers to execute arbitrary SQL commands via the Password...
8.3AI Score
0.01EPSS
PHP remote file inclusion vulnerability in admin/header.php in PHP Real Estate Classifieds Premium Plus allows remote attackers to execute arbitrary PHP code via a URL in the loc...
7.5AI Score
0.153EPSS
SQL injection vulnerability in admin_check_user.asp in Motionborg Web Real Estate 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (txtUserName parameter) and possibly other parameters. NOTE: some details were obtained from third party...
8.4AI Score
0.003EPSS
SQL injection vulnerability in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the agent...
8.3AI Score
0.002EPSS
SQL injection vulnerability in check.asp in Whomp Real Estate Manager XP 2005 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password...
8.6AI Score
0.004EPSS
SQL injection vulnerability in index.php in Relative Real Estate Systems 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the mls...
8.8AI Score
0.009EPSS
SQL injection vulnerability in ls.php in Landshop Real Estate Commerce System 0.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) start, (2) search_order, (3) search_type, (4) search_area, and (5) keyword...
8.8AI Score
0.111EPSS
Multiple unknown vulnerabilities in Real Estate Management Software 1.0 have unknown impact and attack...
7.2AI Score
0.005EPSS