CVE-2009-4477

Xstate Real Estate 1.0 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in page.html in Xstate Real Estate 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Moudi · textwebappsphp
https://www.exploit-db.com/exploits/9565

References (4)

Scores

EPSS 0.0084
EPSS Percentile 74.5%

Classification

CWE
CWE-89
Status draft

Affected Products (1)

xstate/real_estate

Timeline

Published Dec 30, 2009
Tracked Since Feb 18, 2026