Vulnerability Details CVE-2010-1708
Multiple SQL injection vulnerabilities in agentadmin.php in Free Realty allow remote attackers to execute arbitrary SQL commands via the (1) login field (aka agentname parameter) or (2) password field (aka agentpassword parameter).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 56.6%
CVSS Severity
CVSS v2 Score 7.5
References
- http://packetstormsecurity.org/1004-exploits/freerealty-sql.txt
- http://www.exploit-db.com/exploits/12411
- http://www.securityfocus.com/bid/39712
- https://exchange.xforce.ibmcloud.com/vulnerabilities/58193
- http://packetstormsecurity.org/1004-exploits/freerealty-sql.txt
- http://www.exploit-db.com/exploits/12411
- http://www.securityfocus.com/bid/39712
- https://exchange.xforce.ibmcloud.com/vulnerabilities/58193
Products affected by CVE-2010-1708
-
cpe:2.3:a:freerealty.rwcinc:free_realty:2.6
-
cpe:2.3:a:freerealty.rwcinc:free_realty:2.6.1
-
cpe:2.3:a:freerealty.rwcinc:free_realty:2.6.2
-
cpe:2.3:a:freerealty.rwcinc:free_realty:2.7
-
cpe:2.3:a:freerealty.rwcinc:free_realty:2.8
-
cpe:2.3:a:freerealty.rwcinc:free_realty:2.8.2
-
cpe:2.3:a:freerealty.rwcinc:free_realty:2.8.3
-
cpe:2.3:a:freerealty.rwcinc:free_realty:2.8.4
-
cpe:2.3:a:freerealty.rwcinc:free_realty:2.8.5
-
cpe:2.3:a:freerealty.rwcinc:free_realty:2.8.6
-
cpe:2.3:a:freerealty.rwcinc:free_realty:2.8.6-1
-
cpe:2.3:a:freerealty.rwcinc:free_realty:2.9
-
cpe:2.3:a:freerealty.rwcinc:free_realty:2.9-0.0
-
cpe:2.3:a:freerealty.rwcinc:free_realty:2.9-0.1
-
cpe:2.3:a:freerealty.rwcinc:free_realty:2.9-0.2
-
cpe:2.3:a:freerealty.rwcinc:free_realty:2.9-0.3
-
cpe:2.3:a:freerealty.rwcinc:free_realty:2.9-0.4
-
cpe:2.3:a:freerealty.rwcinc:free_realty:2.9-0.5
-
cpe:2.3:a:freerealty.rwcinc:free_realty:2.9-0.7
-
cpe:2.3:a:freerealty.rwcinc:free_realty:2.9-0.7.1
-
cpe:2.3:a:freerealty.rwcinc:free_realty:2.9-0.7.2
-
cpe:2.3:a:freerealty.rwcinc:free_realty:2.9-0.7.3
-
cpe:2.3:a:freerealty.rwcinc:free_realty:2.9-0.7.4
-
cpe:2.3:a:freerealty.rwcinc:free_realty:3.0-0