CVE-2012-4258

MYRE Real Estate Software 2012 Q2 - SQL Injection via link_idd or userid Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-4258. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary The exploit demonstrates SQL injection and XSS vulnerabilities in MYRE Real Estate Mobile 2012 Q2. It includes PoC URLs for both SQLi (via 'link_idd' and 'userid' parameters) and XSS (via 'bedrooms1' and 'price2' parameters).

Description

Multiple SQL injection vulnerabilities in MYRE Real Estate Software (2012 Q2) allow remote attackers to execute arbitrary SQL commands via the (1) link_idd parameter to 1_mobile/listings.php or (2) userid parameter to 1_mobile/agentprofile.php.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Vulnerability-Lab · textwebappsphp
https://www.exploit-db.com/exploits/19132

The exploit demonstrates SQL injection and XSS vulnerabilities in MYRE Real Estate Mobile 2012 Q2. It includes PoC URLs for both SQLi (via 'link_idd' and 'userid' parameters) and XSS (via 'bedrooms1' and 'price2' parameters).

Classification
Working Poc 90%
Attack Type
Sqli | Xss
Complexity
Trivial
Reliability
Reliable
Target: MYRE Real Estate Mobile 2012 Q2
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Vulnerability-Lab · textwebappsphp
https://www.exploit-db.com/exploits/18843

The exploit demonstrates SQL injection and XSS vulnerabilities in MYRE Real Estate Mobile 2012 Q2. It includes PoC URLs for both SQLi (via `link_idd` and `userid` parameters) and XSS (via `bedrooms1` and `price2` parameters).

Classification
Working Poc 90%
Attack Type
Sqli | Xss
Complexity
Trivial
Reliability
Reliable
Target: MYRE Real Estate Mobile 2012 Q2
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Scores

EPSS 0.0112
EPSS Percentile 62.0%

Details

CWE
CWE-89
Status published
Products (1)
myrephp/myre_real_estate_software 2012 q2
Published Aug 13, 2012
Tracked Since Feb 18, 2026