Published: 18/10/2017 Updated: 30/07/2020

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2

VMScore: 655

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in the Realtyna RPL (com_rpl) component prior to 8.9.5 for Joomla! allow remote administrators to execute arbitrary SQL commands via the (1) id, (2) copy_field in a data_copy action, (3) pshow in an update_field action, (4) css, (5) tip, (6) cat_id, (7) text_search, (8) plisting, or (9) pwizard parameter to administrator/index.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
realtyna realtyna property listing

Realtyna RPL 892 Joomla Extension Multiple SQL Injection Vulnerabilities Vendor: Realtyna LLC Product web page: wwwrealtynacom Affected version: 892 Summary: Realtyna CRM (Client Relationship Management) Add-on for RPL is a Real Estate CRM specially designed and developed based on business process and models required by Real Estate ...

Realtyna RPL suffers from multiple SQL Injection vulnerabilities Input passed via multiple POST parameters is not properly sanitized before being returned to the user or used in SQL queries This can be exploited to manipulate SQL queries by injecting arbitrary SQL code ...

CWE-89 https://www.exploit-db.com/exploits/38527/http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5272.php http://rpl.realtyna.com/change-logs/rpl7-changelog http://packetstormsecurity.com/files/134066/Realtyna-RPL-8.9.2-SQL-Injection.html https://nvd.nist.gov https://www.exploit-db.com/exploits/38527/

CVE-2015-7714

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect