2 matches found
Sql injection
Vastal I-Tech Agent Zone aka The Real Estate Script allows SQL Injection in searchCommercial.php via the propertytype, city, or postedby parameter, or searchResidential.php via the propertytype, city, or bedroom parameter, a different vulnerability than CVE-2008-3951, CVE-2009-3497, and...
CVE-2012-0982
CVE-2012-0982 describes an SQL injection vulnerability in Vastal I-Tech Agent Zone (aka The Real Estate Script). The issue exists in search.php and allows remote attackers to execute arbitrary SQL commands through the price_from parameter. The description explicitly notes remote exploitation with...