CVE-2009-4477

Xstate Real Estate 1.0 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4477. PoCs published by Moudi.

AI-analyzed exploit summary This is a writeup detailing blind SQL injection (bSQL) and XSS vulnerabilities in Xstate Real Estate 1.0. It provides proof-of-concept URLs for exploitation but does not include executable exploit code.

Description

SQL injection vulnerability in page.html in Xstate Real Estate 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Moudi · textwebappsphp
https://www.exploit-db.com/exploits/9565

This is a writeup detailing blind SQL injection (bSQL) and XSS vulnerabilities in Xstate Real Estate 1.0. It provides proof-of-concept URLs for exploitation but does not include executable exploit code.

Classification
Writeup 90%
Attack Type
Sqli | Xss
Complexity
Trivial
Reliability
Reliable
Target: Xstate Real Estate 1.0
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36529
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/57670
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/9565
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/52968

Scores

EPSS 0.0101
EPSS Percentile 58.5%

Details

CWE
CWE-89
Status published
Products (1)
xstate/real_estate 1.0
Published Dec 30, 2009
Tracked Since Feb 18, 2026