2 matches found
Sql injection
Vastal I-Tech Agent Zone aka The Real Estate Script allows SQL Injection in searchCommercial.php via the propertytype, city, or postedby parameter, or searchResidential.php via the propertytype, city, or bedroom parameter, a different vulnerability than CVE-2008-3951, CVE-2009-3497, and...
CVE-2009-3497
Vastal I-Tech Agent Zone (aka The Real Estate Script) is affected by CVE-2009-3497 due to an SQL injection in view_listing.php via the id parameter. The vulnerability allows remote attackers to execute arbitrary SQL commands. The affected component is the view_listing.php script; the root cause i...