Lucene search
+L
VastalAgent Zone

4 matches found

CVE
CVE
added 2017/10/31 7:0 a.m.65 views

CVE-2017-15991

Vastal I-Tech Agent Zone (aka The Real Estate Script) contains a SQL injection vulnerability affecting searchCommercial.php (parameters: property_type, city, posted_by) and searchResidential.php (parameters: property_type, city, bedroom). The issue arises from unsanitized input being interpolated...

9.8CVSS9.7AI score0.02652EPSS
Web
CVE
CVE
added 2009/09/30 3:0 p.m.59 views

CVE-2009-3497

Vastal I-Tech Agent Zone (aka The Real Estate Script) is affected by CVE-2009-3497 due to an SQL injection in view_listing.php via the id parameter. The vulnerability allows remote attackers to execute arbitrary SQL commands. The affected component is the view_listing.php script; the root cause i...

7.5CVSS10AI score0.01134EPSS
CVE
CVE
added 2012/02/02 5:0 p.m.53 views

CVE-2012-0982

CVE-2012-0982 describes an SQL injection vulnerability in Vastal I-Tech Agent Zone (aka The Real Estate Script). The issue exists in search.php and allows remote attackers to execute arbitrary SQL commands through the price_from parameter. The description explicitly notes remote exploitation with...

7.5CVSS9.9AI score0.01102EPSS
CVE
CVE
added 2008/09/09 1:9 p.m.50 views

CVE-2008-3951

CVE-2008-3951 describes an SQL injection vulnerability in the Web app component for Vastal I-Tech Agent Zone (aka The Real Estate Script). The issue resides in the view_ann.php handler, where the parameter ann_id can be manipulated by an attacker to cause arbitrary SQL execution. This is a remote...

7.5CVSS10AI score0.01051EPSS