CVE-2010-1708

Free Realty - SQL Injection via Agent Login or Password Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-1708. PoCs published by Sid3^effects.

AI-analyzed exploit summary This is a writeup describing an authentication bypass vulnerability in FreeRealty. The exploit involves using a SQL injection payload (' or 1=1 or ''=') in both the login and password fields to bypass authentication.

Description

Multiple SQL injection vulnerabilities in agentadmin.php in Free Realty allow remote attackers to execute arbitrary SQL commands via the (1) login field (aka agentname parameter) or (2) password field (aka agentpassword parameter).

Exploits (1)

exploitdb WRITEUP VERIFIED
by Sid3^effects · textwebappsphp
https://www.exploit-db.com/exploits/12411

This is a writeup describing an authentication bypass vulnerability in FreeRealty. The exploit involves using a SQL injection payload (' or 1=1 or ''=') in both the login and password fields to bypass authentication.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: FreeRealty (version not specified)
No auth needed
Prerequisites: access to the login page of the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/12411
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/39712
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/58193

Scores

EPSS 0.0097
EPSS Percentile 57.1%

Details

CWE
CWE-89
Status published
Products (24)
freerealty.rwcinc/free_realty 2.6
freerealty.rwcinc/free_realty 2.6.1
freerealty.rwcinc/free_realty 2.6.2
freerealty.rwcinc/free_realty 2.7 pre1 (7 CPE variants)
freerealty.rwcinc/free_realty 2.8
freerealty.rwcinc/free_realty 2.8.2
freerealty.rwcinc/free_realty 2.8.3
freerealty.rwcinc/free_realty 2.8.4
freerealty.rwcinc/free_realty 2.8.5
freerealty.rwcinc/free_realty 2.8.6 (4 CPE variants)
... and 14 more
Published May 04, 2010
Tracked Since Feb 18, 2026