Description
Multiple SQL injection vulnerabilities in login.php in Pre Projects Pre Real Estate Listings allow remote attackers to execute arbitrary SQL commands via (1) the us parameter (aka the Username field) or (2) the ps parameter (aka the Password field).
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by BackDoor · textwebappsphp
https://www.exploit-db.com/exploits/7094
References (3)
Core 3
Core References
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/7094
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/3121
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/32134
Scores
EPSS
0.0029
EPSS Percentile
52.2%
Details
CWE
CWE-89
Status
published
Products (1)
preprojects/pre_real_estate_listings
Published
May 07, 2009
Tracked Since
Feb 18, 2026