3 matches found
Sql injection
Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal aka Ananda Raj Pandey Ananda Real Estate 3.4 allow remote attackers to execute arbitrary SQL commands via the 1 city, 2 state, 3 country, 4 minprice, 5 maxprice, 6 bed, and 7 bath parameters, different vectors than CVE-2006-6807...
CVE-2010-4782
CVE-2010-4782 describes SQL injection vulnerabilities in Softwebs Nepal (Ananda Real Estate) 3.4 and earlier. The issue affects list.asp and allows remote attackers to execute arbitrary SQL commands via parameters such as city, state, country, minprice, maxprice, bed, and bath (vectors differ fro...
CVE-2006-6807
CVE-2006-6807 is a SQL injection vulnerability in Softwebs Nepal’s Ananda Real Estate 3.4 and earlier. The flaw affects list.asp and allows remote attackers to execute arbitrary SQL commands via the agent parameter. The NVD entry lists a base score of 7.5 (HIGH) with network access, low attack co...