CVE-2010-4782

Softwebs Nepal Ananda Real Estate 3.4 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-4782. PoCs published by underground-stockholm.com, ajann.

AI-analyzed exploit summary This exploit demonstrates SQL injection vulnerabilities in Ananda Real Estate 3.4 via the 'list.asp' page. Multiple parameters (city, state, country, minprice, maxprice, bed, bath) are vulnerable to SQLi using a simple union-based injection technique.

Description

Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) city, (2) state, (3) country, (4) minprice, (5) maxprice, (6) bed, and (7) bath parameters, different vectors than CVE-2006-6807.

Exploits (2)

exploitdb WORKING POC VERIFIED
by underground-stockholm.com · textwebappsasp
https://www.exploit-db.com/exploits/15661

This exploit demonstrates SQL injection vulnerabilities in Ananda Real Estate 3.4 via the 'list.asp' page. Multiple parameters (city, state, country, minprice, maxprice, bed, bath) are vulnerable to SQLi using a simple union-based injection technique.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Ananda Real Estate 3.4
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by ajann · textwebappsasp
https://www.exploit-db.com/exploits/3001

This exploit demonstrates a SQL injection vulnerability in Ananda Real Estate <= 3.4 via the 'agent' parameter in list.asp. The provided URL-encoded payload extracts username and password from the 'user' table.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Ananda Real Estate <= 3.4
No auth needed
Prerequisites: Access to the target web application
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (5)

Core 5
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23506
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/15661
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8185
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/45146

Scores

EPSS 0.0103
EPSS Percentile 59.2%

Details

CWE
CWE-89
Status published
Products (1)
softwebsnepal/ananda_real_estate 3.4
Published Apr 07, 2011
Tracked Since Feb 18, 2026