CVE-2011-3394

MYRE Real Estate Software - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-3394. PoCs published by SecPod Research.

AI-analyzed exploit summary The document describes multiple XSS and SQL injection vulnerabilities in MYRE Real Estate Software, providing proof-of-concept URLs for exploitation without actual exploit code.

Description

SQL injection vulnerability in findagent.php in MYRE Real Estate Software allows remote attackers to execute arbitrary SQL commands via the page parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by SecPod Research · textwebappsphp

https://www.exploit-db.com/exploits/17811

View Code ZIP pw:eip

The document describes multiple XSS and SQL injection vulnerabilities in MYRE Real Estate Software, providing proof-of-concept URLs for exploitation without actual exploit code.

Classification

Writeup 100%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Reliable

Target: MYRE Real Estate Software

No auth needed

Prerequisites: Network access to the vulnerable application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit x_refsource_misc

http://secpod.org/advisories/SECPOD_MRS_SQL_XSS_Vuln.txt

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/8376

Scores

EPSS 0.0109

EPSS Percentile 60.9%

Details

CWE

CWE-89

Status published

Products (1)

myrephp/myre_real_estate_software

Published Sep 15, 2011

Tracked Since Feb 18, 2026