Preprojects: >> Pre Real Estate Listings Security Vulnerabilities
Unrestricted file upload vulnerability in profile.php in Pre Projects Pre Real Estate Listings allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in re_images/.
CVSS Score
6.5
EPSS Score
0.03
Published
2009-08-24
Multiple SQL injection vulnerabilities in login.php in Pre Projects Pre Real Estate Listings allow remote attackers to execute arbitrary SQL commands via (1) the us parameter (aka the Username field) or (2) the ps parameter (aka the Password field).
CVSS Score
7.5
EPSS Score
0.001
Published
2009-05-07
SQL injection vulnerability in manager/login.php in Pre Projects Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the username1 parameter (aka the Admin field or Username field).
CVSS Score
7.5
EPSS Score
0.002
Published
2009-05-07
SQL injection vulnerability in search.php in Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the c parameter.
CVSS Score
7.5
EPSS Score
0.001
Published
2008-09-23