4 matches found
CVE-2008-7052
CVE-2008-7052 describes an unrestricted file upload flaw in profile.php of the Pre Projects Pre Real Estate Listings application. The vulnerability allows remote authenticated users to upload a file with an executable extension as a profile logo and later access it directly via the re_images/ pat...
CVE-2008-6798
The CVE-2008-6798 entry describes multiple SQL injection vulnerabilities in login.php of Pre Projects Pre Real Estate Listings. The vulnerability allows remote attackers to execute arbitrary SQL commands via the us (Username) or ps (Password) parameters, enabling potential unauthorized data acces...
CVE-2008-4177
CVE-2008-4177 describes an SQL injection in search.php of Pre Real Estate Listings, allowing remote attackers to execute arbitrary SQL via the c parameter. NVD lists CVSS v2 base score 7.5 (HIGH) with NETWORK/vector: AV:N, AC:L, Au:N, C:P/I:P/A:P.
CVE-2008-6796
CVE-2008-6796 is a SQL injection vulnerability affecting Pre Projects Pre Real Estate Listings, specifically in the login script (manager/login.php). The vulnerability allows remote attackers to inject arbitrary SQL via the username1 parameter (also referred to as Admin/Username field), enabling ...