4 matches found
CVE-2017-15991
Vastal I-Tech Agent Zone (aka The Real Estate Script) contains a SQL injection vulnerability affecting searchCommercial.php (parameters: property_type, city, posted_by) and searchResidential.php (parameters: property_type, city, bedroom). The issue arises from unsanitized input being interpolated...
CVE-2009-3497
Vastal I-Tech Agent Zone (aka The Real Estate Script) is affected by CVE-2009-3497 due to an SQL injection in view_listing.php via the id parameter. The vulnerability allows remote attackers to execute arbitrary SQL commands. The affected component is the view_listing.php script; the root cause i...
CVE-2012-0982
CVE-2012-0982 describes an SQL injection vulnerability in Vastal I-Tech Agent Zone (aka The Real Estate Script). The issue exists in search.php and allows remote attackers to execute arbitrary SQL commands through the price_from parameter. The description explicitly notes remote exploitation with...
CVE-2008-3951
CVE-2008-3951 describes an SQL injection vulnerability in the Web app component for Vastal I-Tech Agent Zone (aka The Real Estate Script). The issue resides in the view_ann.php handler, where the parameter ann_id can be manipulated by an attacker to cause arbitrary SQL execution. This is a remote...