CVE-2006-5886

Dynamic Dataworx Nurealestate - SQL Injection

Title source: rule

Description

SQL injection vulnerability in propertysdetails.asp in Dynamic Dataworx NuRealestate (NuRems) 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the PropID parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ajann · perlwebappsasp

https://www.exploit-db.com/exploits/2755

View Code ZIP pw:eip

References (7)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/30194

[Exploit] http://www.securityfocus.com/bid/21017

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/2755

[Third Party Advisory] http://securityreason.com/securityalert/1850

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/451331/100/0/threaded

[Vendor Advisory] http://secunia.com/advisories/22828

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/4469

Scores

EPSS 0.0209

EPSS Percentile 84.1%

Details

Status published

Products (1)

dynamic_dataworx/nurealestate 1.0

Published Nov 14, 2006

Tracked Since Feb 18, 2026