CVE-2010-4782

Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) city, (2) state, (3) country, (4) minprice, (5) maxprice, (6) bed, and (7) bath parameters, different vectors than CVE-2006-6807.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
VendorProductVersion
softwebsnepalananda_real_estate
3.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.org/files/view/96305/anandarealestate-sql.txt
http://secunia.com/advisories/23506
http://securityreason.com/securityalert/8185
http://www.exploit-db.com/exploits/15661
http://www.securityfocus.com/bid/45146
http://packetstormsecurity.org/files/view/96305/anandarealestate-sql.txt
http://secunia.com/advisories/23506
http://securityreason.com/securityalert/8185
http://www.exploit-db.com/exploits/15661
http://www.securityfocus.com/bid/45146