Multiple SQL injection vulnerabilities in ASPSiteWare RealtyListings 1.0 and 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) iType parameter to type.asp and the (2) iPro parameter to detail.asp.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:54
Type | Values Removed | Values Added |
---|---|---|
References | () http://osvdb.org/50707 - Exploit | |
References | () http://osvdb.org/50708 - Exploit | |
References | () http://secunia.com/advisories/33167 - Vendor Advisory | |
References | () http://securityreason.com/securityalert/4848 - | |
References | () http://www.securityfocus.com/bid/32812 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/47323 - | |
References | () https://www.exploit-db.com/exploits/7464 - |
Information
Published : 2008-12-30 20:30
Updated : 2024-11-21 00:54
NVD link : CVE-2008-5772
Mitre link : CVE-2008-5772
CVE.ORG link : CVE-2008-5772
JSON object : View
Products Affected
aspsiteware
- realtylistings
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')