CVE-2012-4279

Multiple SQL injection vulnerabilities in Free Realty 3.1-0.6 allow remote attackers to execute arbitrary SQL commands via the 1 view parameter to agentdisplay.php or 2 edit parameter to admin/admin.php...