Description
SQL injection vulnerability in fullnews.php in PHP Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the id parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by t0pP8uZz · textwebappsphp
https://www.exploit-db.com/exploits/4737
References (4)
Core 4
Core References
Various Sources x_refsource_confirm
http://phprealestatescript.com/PHPREC-121707-646PM-PATCH.zip
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/4737
Exploit, Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/26888
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28119
Scores
EPSS
0.0046
EPSS Percentile
64.3%
Details
CWE
CWE-89
Status
published
Products (1)
php_real_estate_classifieds/php_real_estate_classifieds_premium_plus
Published
Dec 20, 2007
Tracked Since
Feb 18, 2026