CVE-2007-6462

PHP Real Estate Classifieds - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6462. PoCs published by t0pP8uZz.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in PHP Real Estate script, allowing an attacker to extract admin credentials from the database via a crafted UNION-based SQL query.

Description

SQL injection vulnerability in fullnews.php in PHP Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by t0pP8uZz · textwebappsphp

https://www.exploit-db.com/exploits/4737

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in PHP Real Estate script, allowing an attacker to extract admin credentials from the database via a crafted UNION-based SQL query.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: PHP Real Estate Script (version unspecified)

No auth needed

Prerequisites: Target running vulnerable PHP Real Estate Script · Access to the fullnews.php endpoint

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Various Sources x_refsource_confirm

http://phprealestatescript.com/PHPREC-121707-646PM-PATCH.zip

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/4737

Exploit, Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/26888

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28119

Scores

EPSS 0.0104

EPSS Percentile 59.6%

Details

CWE

CWE-89

Status published

Products (1)

php_real_estate_classifieds/php_real_estate_classifieds_premium_plus

Published Dec 20, 2007

Tracked Since Feb 18, 2026