3 matches found
CVE-2005-4017
property.php in Widget Property 1.1.19 allows remote attackers to obtain the full server path via an invalid lang value, which leaks the path in the resulting error message...
CVE-2005-4016
SQL injection vulnerability in Widget Property 1.1.19 allows remote attackers to execute arbitrary SQL commands via the 1 propertyid, 2 zipcode, 3 propertytypeid, 4 price, and 5 cityid parameters to property.php...
CVE-2005-4017
property.php in Widget Property 1.1.19 allows remote attackers to obtain the full server path via an invalid lang value, which leaks the path in the resulting error message...