CVE-2010-4738
published 2011-02-16CVE-2010-4738: Multiple SQL injection vulnerabilities in Rae Media INC Real Estate Single and Multi Agent System 3.0 allow remote attackers to execute arbitrary SQL commands…
PriorityP348high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.80%
75.8th percentile
Multiple SQL injection vulnerabilities in Rae Media INC Real Estate Single and Multi Agent System 3.0 allow remote attackers to execute arbitrary SQL commands via the probe parameter to (1) multi/city.asp in the Multi Agent System and (2) resulttype.asp in the Single Agent System.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| raemedia | real_estate_single_and_multi_agent_system | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Rae Media Real Estate Multi Agent - SQL Injection
exploitdb·2011-02-16
CVE-2010-4738 Rae Media Real Estate Multi Agent - SQL Injection
Rae Media Real Estate Multi Agent - SQL Injection
---
source: https://www.securityfocus.com/bid/45212/info
Multi Agent System is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Multi Agent System 3.0 is vulnerable; other versions may also be affected.
Attackers can use a browser to exploit this issue.
The following example URI is available:
http://www.example.com/multi/city.asp?probe=[Code]
Exploit-DB
Rae Media Real Estate Single Agent - SQL Injection
exploitdb·2011-02-16
CVE-2010-4738 Rae Media Real Estate Single Agent - SQL Injection
Rae Media Real Estate Single Agent - SQL Injection
---
source: https://www.securityfocus.com/bid/45211/info
Real Estate Single is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Real Estate Single 3.0 is vulnerable; other versions may also be affected.
Attackers can use a browser to exploit this issue.
The following example URI is available:
http://www.example.com/resulttype.asp?probe=[Code]
No writeups or analysis indexed.
http://osvdb.org/69627http://osvdb.org/69628http://packetstormsecurity.org/files/view/96389/raemediaincresmas-sql.txthttp://secunia.com/advisories/42515http://securityreason.com/securityalert/8080http://securityreason.com/securityalert/8082http://securityreason.com/securityalert/8088http://www.securityfocus.com/bid/45211http://www.securityfocus.com/bid/45212http://osvdb.org/69627http://osvdb.org/69628http://packetstormsecurity.org/files/view/96389/raemediaincresmas-sql.txthttp://secunia.com/advisories/42515http://securityreason.com/securityalert/8080http://securityreason.com/securityalert/8082http://securityreason.com/securityalert/8088http://www.securityfocus.com/bid/45211http://www.securityfocus.com/bid/45212
2011-02-16
Published