CVE-2010-4782

Published: 07/04/2011 Updated: 22/09/2011

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 allow remote malicious users to execute arbitrary SQL commands via the (1) city, (2) state, (3) country, (4) minprice, (5) maxprice, (6) bed, and (7) bath parameters, different vectors than CVE-2006-6807.

Vulnerable Product	Search on Vulmon	Subscribe to Product
softwebsnepal ananda real estate 3.4

TITLE: Ananda Real Estate "listasp" Multiple SQL Injection Vulnerabilities PRODUCT: Ananda Real Estate 34 PRODUCT URL: wwwsoftwebsnepalcom/website_design_realestatehtm RESEARCHERS: underground-stockholmcom RESEARCHERS URL: underground-stockholmcom/ BUGS: [host]/[path]/listasp?city=%27%29%29+union+insect&state=&amp ...

******************************************************************************* # Title : Ananda Real Estate <= 34 (agent) Remote SQL Injection Vulnerability # Author : ajann # Contact : :( # SPage : wwwenthrallwebus # $$ : 17940 USD ******************************************************************************* [[SQ ...

CWE-89 http://www.exploit-db.com/exploits/15661 http://www.securityfocus.com/bid/45146 http://packetstormsecurity.org/files/view/96305/anandarealestate-sql.txt http://secunia.com/advisories/23506 http://securityreason.com/securityalert/8185 https://nvd.nist.gov https://www.exploit-db.com/exploits/15661/

CVE-2010-4782

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect