Description
Multiple SQL injection vulnerabilities in Rae Media INC Real Estate Single and Multi Agent System 3.0 allow remote attackers to execute arbitrary SQL commands via the probe parameter to (1) multi/city.asp in the Multi Agent System and (2) resulttype.asp in the Single Agent System.
Exploits (2)
References (9)
Core 9
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/45212
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/69628
Exploit x_refsource_misc
http://packetstormsecurity.org/files/view/96389/raemediaincresmas-sql.txt
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/45211
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42515
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/8080
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/8082
Exploit vdb-entry
x_refsource_osvdb
http://osvdb.org/69627
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/8088
Scores
EPSS
0.0068
EPSS Percentile
71.7%
Details
CWE
CWE-89
Status
published
Products (1)
raemedia/real_estate_single_and_multi_agent_system
3.0
Published
Feb 16, 2011
Tracked Since
Feb 18, 2026