SQL injection vulnerability in page.html in Xstate Real Estate 1.0 allows remote malicious users to execute arbitrary SQL commands via the pid parameter.
xstate real estate 1.0