3 matches found
Sql injection
Vastal I-Tech Agent Zone aka The Real Estate Script allows SQL Injection in searchCommercial.php via the propertytype, city, or postedby parameter, or searchResidential.php via the propertytype, city, or bedroom parameter, a different vulnerability than CVE-2008-3951, CVE-2009-3497, and...
CVE-2008-3951
SQL injection vulnerability in viewann.php in Vastal I-Tech Agent Zone aka The Real Estate Script allows remote attackers to execute arbitrary SQL commands via the annid parameter...
CVE-2008-3951
CVE-2008-3951 describes an SQL injection vulnerability in the Web app component for Vastal I-Tech Agent Zone (aka The Real Estate Script). The issue resides in the view_ann.php handler, where the parameter ann_id can be manipulated by an attacker to cause arbitrary SQL execution. This is a remote...