Vendor: Relative Real Estate Systems
By: Unknown
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Relative Real Estate Systems
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: a:relative_real_estate_systems
Metasploit:
Other Scripts:
Platforms Tested: Unknown

SQL Injection vulnerability in Relative Real Estate Systems

The 'index.php' script of Relative Real Estate Systems fails to properly sanitize user-supplied input before using it in an SQL query. This allows remote attackers to pass malicious input to database queries, potentially leading to modification of query logic or other attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to implement proper input sanitization and parameterized queries to prevent SQL injection attacks.
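
The mitigation above, as an added example that is not the vendor's code: a search query built with PDO prepared statements from the parameter names in the advisory's URL. The `listings` table, its columns, the `searchListings` function, and the treatment of empty or `-1` values as "any" are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not the vendor's code. Table, columns and function name are
// assumptions; only the parameter names come from the advisory's URL.
function searchListings(PDO $db, array $q): array
{
    $where = [];
    $args  = [];
    // Text filters: column names come from this fixed list, values are bound.
    foreach (['city', 'state', 'mls'] as $field) {
        $value = $q[$field] ?? '';
        if (is_string($value) && trim($value) !== '') {
            $where[] = "$field = :$field";
            $args[":$field"] = trim($value);
        }
    }
    // Numeric filters: validated as non-negative integers before binding.
    $numeric = [
        'price_from' => 'price >= :price_from',
        'price_to'   => 'price <= :price_to',
        'bedrooms'   => 'bedrooms >= :bedrooms',
        'bathroom'   => 'bathrooms >= :bathroom',
    ];
    foreach ($numeric as $field => $clause) {
        $raw = $q[$field] ?? '';
        if ($raw === '' || $raw === '-1') {
            continue; // assumption: empty or -1 means "any"
        }
        $n = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
        if ($n === false) {
            throw new InvalidArgumentException("invalid value for $field");
        }
        $where[] = $clause;
        $args[":$field"] = $n;
    }
    $sql = 'SELECT mls, city, state, price FROM listings'
         . ($where ? ' WHERE ' . implode(' AND ', $where) : '');
    $stmt = $db->prepare($sql);
    $stmt->execute($args);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE listings (mls TEXT, city TEXT, state TEXT, price INT, bedrooms INT, bathrooms INT)');
$db->exec("INSERT INTO listings VALUES ('A100','Columbia','SC',150000,3,2), ('B200','Aiken','SC',90000,2,1)");
// The mls value is bound as data, so quotes in it cannot change the query.
print_r(searchListings($db, ['state' => 'SC', 'mls' => "A100' OR '1'='1", 'bedrooms' => '-1']));
print_r(searchListings($db, ['state' => 'SC', 'mls' => 'A100', 'price_to' => '200000']));
```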
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15714/info

Relative Real Estate Systems is prone to an SQL injection vulnerability.

This issue is due to a failure in the application to properly sanitize user-supplied input to the 'index.php' script before using it in an SQL query.

This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. 

http://www.example.com/index.php?name=&price_from=&price_to=&city=&state=SC&mls=[SQL]&bathroom=-1&bedrooms=-1&go=search&results=1