Description
Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) city, (2) state, (3) country, (4) minprice, (5) maxprice, (6) bed, and (7) bath parameters, different vectors than CVE-2006-6807.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by underground-stockholm.com · textwebappsasp
https://www.exploit-db.com/exploits/15661
References (5)
Core 5
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/23506
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/15661
Exploit x_refsource_misc
http://packetstormsecurity.org/files/view/96305/anandarealestate-sql.txt
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/8185
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/45146
Scores
EPSS
0.0146
EPSS Percentile
80.9%
Details
CWE
CWE-89
Status
published
Products (1)
softwebsnepal/ananda_real_estate
3.4
Published
Apr 07, 2011
Tracked Since
Feb 18, 2026