CVE-2007-4111

Real Estate listing website app < - SQL Injection

Title source: llm

Description

SQL injection vulnerability in the login script in Real Estate listing website application template, when logging in as user or manager, allows remote attackers to execute arbitrary SQL commands via the Password parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Aria-Security Team · textwebappsasp

https://www.exploit-db.com/exploits/30428

View Code ZIP pw:eip

References (6)

Core 6

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/35667

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/474934/100/0/threaded

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/2949

Various Sources x_refsource_misc

http://outlaw.aria-security.info/?p=10

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/26268

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/25115

Scores

EPSS 0.0164

EPSS Percentile 82.0%

Details

Status published

Products (1)

codewidgets/real_estate_listing_website_application_template

Published Jul 31, 2007

Tracked Since Feb 18, 2026