6 matches found
CVE-2012-0982
CVE-2012-0982 describes an SQL injection vulnerability in Vastal I-Tech Agent Zone (aka The Real Estate Script). The issue exists in search.php and allows remote attackers to execute arbitrary SQL commands through the price_from parameter. The description explicitly notes remote exploitation with...
Sql injection
SQL injection vulnerability in viewlisting.php in Vastal I-Tech Agent Zone aka The Real Estate Script allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2009-3497
Vastal I-Tech Agent Zone (aka The Real Estate Script) is affected by CVE-2009-3497 due to an SQL injection in view_listing.php via the id parameter. The vulnerability allows remote attackers to execute arbitrary SQL commands. The affected component is the view_listing.php script; the root cause i...
CVE-2008-3951
CVE-2008-3951 describes an SQL injection vulnerability in the Web app component for Vastal I-Tech Agent Zone (aka The Real Estate Script). The issue resides in the view_ann.php handler, where the parameter ann_id can be manipulated by an attacker to cause arbitrary SQL execution. This is a remote...
Sql injection
SQL injection vulnerability in dpage.php in The Real Estate Script allows remote attackers to execute arbitrary SQL commands via the docID parameter...
CVE-2008-2443
SQL injection vulnerability in The Real Estate Script’s dpage.php (docID parameter) allows remote attackers to execute arbitrary SQL commands. This is a vulnerability in the Real Estate Script where the docID input is not properly sanitized, enabling potentially partial/complete database impact. ...