CVE-2010-2357

Eicrasoft Eicra Realestate Script - SQL Injection

Title source: rule

Description

SQL injection vulnerability in index.php in Eicra Realestate Script 1.0 and 1.6.0 allows remote attackers to execute arbitrary SQL commands via the p_id parameter. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED

by L0rd CrusAd3r · textwebappsphp

https://www.exploit-db.com/exploits/13802

View Code ZIP pw:eip

References (5)

[Vendor Advisory] http://secunia.com/advisories/40171

[Exploit] http://www.exploit-db.com/exploits/13802

[Exploit] http://www.securityfocus.com/bid/40748

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/59269

[Third Party Advisory, VDB Entry] http://osvdb.org/65412

Scores

EPSS 0.0014

EPSS Percentile 34.7%

Classification

CWE

CWE-89

Status draft

Affected Products (2)

eicrasoft/eicra_realestate_script

Timeline

Published Jun 21, 2010

Tracked Since Feb 18, 2026